HCG diet spam attack hits Facebook users, spreads rapidly

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Many Facebook users are finding that their friends are announcing online that they have lost weight, and are directing others to follow the HCG diet.

Here’s a typical message:

I've lost 10 pounds in just one week all thanks to HCG!

I've lost 10 pounds in just one week all thanks to HCG! Check it out [LINK]

Sign up to our free newsletter.
Security news, advice, and tips.

followed by a comment, seemingly from the same user, saying:

Never thought losing weight could be so easy!!!

Other versions can use different language, such as:

I've lost over a stone in just 2 weeks all thanks to HCG! Check it out [LINK]

If you follow the link, you are typically taken (via a blogspot url) to a website touting a miracle diet.

Waistline. Credit: ShutterstockOf course, it would be something of a coincidence if so many thousands of Facebook users had all lost 10 pounds at the same time, and all decided to tell their Facebook friends using precisely the same wording, wouldn’t it?

If you see a Facebook friend has posted a message like the one above, tell them that scammers have taken advantage of their account to spew out diet spam, and advise them to be a lot more careful in future.

The good news is that if you’re using Sophos products then we can intercept the dodgy webpage, and prevent you from putting even more money into the pockets of the scammers.

Scam webpage intercepted by Sophos

Got a friend who has sent out the diet spam message? If they find any suspicious posts on their newsfeed, or unexpected apps or pages that they have liked, then they should obviously remove them.

Affected users should also run an up-to-date anti-virus program on their computers and scan for a possible malware infection. If there is malware present, it may have also grabbed your online passwords – make sure that you haven’t left a backdoor open to your website accounts and change your passwords.

If you use Facebook and want to get an early warning about the latest attacks, you should join the Sophos Facebook page where we have a thriving community of over 160,000 people.

Image credit: Shutterstock.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.