Harmless prank ends in tragedy? No surprise it’s a Facebook survey scam

Graham Cluley
Graham Cluley
@[email protected]

Sophos’s page on Facebook has thousands of members – sharing information about the latest threats. Today I’m indebted to one member, Robert, who alerted me to a new scam spreading virally across the social network.

Amazing how such a harmless prank could cause something so bad!

Users are seeing updates from their online Facebook friends saying things like:

Amazing how such a harmless prank could cause something so bad! [LINK]

Sign up to our free newsletter.
Security news, advice, and tips.

where the link points to a page on Facebook.

Tragic prank or Facebook scam?

If you are tempted into clicking on the link (as many people have been) then you are taken to page urging you to give permission for a third party application to access your Facebook profile.

This is key for the scam to work. The application needs to be able to share its link virally with as many Facebook users as possible – that way, it can maximise revenue for the scammers.

You may not realise this of course. You may believe that you’re simply going to watch a video of a “harmless prank that ends in tragedy”.

If you do give permission to the rogue Facebook application, you’re presented with a page with an embedded YouTube video.

Scary prank video leads to tragedy? No, it's a Facebook scam

The video, which many may find disturbing even though it is clearly fake, shows a masked man waiting in a house for a returning woman. When the woman enters the house he jumps out on her and she runs out of the house and is hit by a passing car.

The video is available on YouTube, but is restricted to 18 year old users and older because of its disturbing content.

But the whole intention of the scam spreading on Facebook is to trick you into completing an online CPALead-affiliated survey which earns money for the scammers.

If you really want to watch videos like this (and I can’t imagine why you would), I’d urge you to dig them out on YouTube directly rather than helping to put money into the pockets of scammers who are making life on more and more of a drag each day. Because when you give a rogue application permission to access your Facebook profile, they’re going to use it to spread their spammy messages.

Newsfeed of user hit by scam

If you have been hit by a scam like this, delete the messages from your profile and remove the rogue applications that have access to your account.

Here’s a YouTube video where I show you how to clean-up your Facebook account:


If you want to learn more about security threats on the social network and elsewhere on the internet, you could do a lot worse than join the Sophos Facebook page.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.