Since I first warned about the “1st status” survey scams spreading on Facebook earlier this month, the site’s users have continued to be hit by similar attacks.
Here are just a few of the examples we’ve seen spreading today:
1st fb Status by me was:
My first status was:
OMG now i can see my first status i used..
As before, clicking on the links leads to a rogue Facebook application that will post messages on your profile, thus encouraging others to click on the links?
The purpose? To get as many people as possible to take an online survey that earns the scammers money.
Oh, and they don’t ever post your real first Facebook status message. So you don’t even have that pleasure.
What’s frustrating is that Facebook could do more to warn its almost 600 million users against survey scams like this. Simple warning messages posted on the official Facebook Security could instantly inform over 3.5 million users, who would be able to spread the warning to their online buddies.
In this way, users could be alerted to new attacks and scams spreading quickly across the service.
We do our best on the Sophos Facebook page to raise awareness of the scams we see. Over 50,000 people have so far become members of our community there – but that’s still a drop in the ocean.
Here’s a YouTube video where I show you how to clean-up your Facebook account if you were hit by this, or similar scams:[youtube=http://www.youtube.com/watch?v=Or-qR0Y300w&w=500&h=311&rel=0]
(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)
I suggested to my contacts Facebook Security that they might like to post the video up on their page, but they never responded. :-(
Yeah, I accept that that might sound like a case of sour grapes, and I would be just as delighted if they made their own video or a tutorial telling people about rogue applications and survey scams, how to avoid them, and how to clean your profile up if you do happen to get hit?
Fundamentally wouldn’t it be a good thing if Facebook shared more information with users who are being hit by survey scams and other cybercrimes on a daily basis?