Lost all respect for Miley Cyrus? Facebook survey scam spreads virally

Graham Cluley

Toni, one of the members of the Sophos Facebook page, just got in touch with me asking if I’d seen the latest scam spreading virally across the social network.

Users are seeing messages posted by their online friends about teen popstar Miley Cyrus. They look like the following:

SICK! I lost all respect for Miley Cyrus when I saw this photo

We have seen a number of different URLs being used in the messages, but they all redirect to a page which shows a traffic sign-like image of the word “respect” crossed out in red.

The page also says “SICK! I lost all respect for Miley Cyrus when I saw this photo” followed by a large flashing graphical button labelled “CLICK HERE” under the message “Please click here, then ALLOW to see the photo.”

Regular readers of Naked Security like Toni will already be smelling something fishy at this point, but there will inevitably be some Facebook users who will feel compelled to explore further.

I’ll save you the trouble of risking your Facebook account, by explaining what happens next.

If you do click on the “CLICK HERE” button you will be taken to a standard Facebook application permissions dialog, which asks you to approve the third-party app to access your personal data, send you emails, and post status messages and pictures to your wall.

It’s hard to believe that people would allow this to happen, but if you’re desperate to see a picture of Miley Cyrus which will make you lose all respect for her (the mind boggles...) then you may well click further on.

Unfortunately, continuing is a mistake, as you will be led directly to a CPALead survey, which earns the scammers money every time one of their dumb questionnaires is answered.

The scammers only need a few people to complete their survey to make it financially worthwhile to build rogue applications like this – that’s why there are so many of them. If only Facebook took a tougher line about the applications it allowed on its network.

If you’ve been hit by a scam like this, remove references to it from your newsfeed, and revoke the right of rogue applications to access your profile via Account/ Privacy Settings/ Applications and Websites.

Here’s a quick YouTube video where I show you how to clean up your Facebook account after such an attack:

Do you think Facebook is doing enough to stamp out survey scams like this, or is it the fault of the Facebook users themselves? Let us know what you think by leaving a comment below.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
