Did Michael Jackson fake his death? Rogue Facebook app uses ghoulish lure

Graham Cluley
Graham Cluley
@[email protected]

Michael Jackson may have died on June 25, 2009, but conspiracy theories about his death continue to thrive.

Perhaps one of the craziest theories is that the so-called Prince of Pop didn’t die at all, but instead faked his own death. It’s hard to imagine that anyone seriously believes this, but this is precisely the kind of thing that makes the internet go around – and so it’s not surprising that some ghoulish hackers might try and take advantage.

Here’s a message I found on Facebook:

Did Michael Jackson fake his death? Look at this video!

Clicking on the link takes you to an image of Michael Jackson wearing his trademark costume and bejewelled glove.

The page asks you to click on his image, which takes you to a third-party Facebook application.

At this point alarm bells should always be ringing. Why would you need to install an application to view the video? Why doesn’t the link point directly to a video hosted on Facebook or to a popular video website such as YouTube?

The application asks for permission to scour through the personal information on your Facebook profile, access data about your friends, post to your wall, and even send you personal emails.

Would you be prepared to give all this away to view a video? I’d hope not. But sadly many people on the internet might be intrigued enough to hand over permission with the promise of seeing a video.

Sign up to our free newsletter.
Security news, advice, and tips.

Ultimately, you will see a video player – but it’s too late for your Facebook account which can now be accessed by parties unknown using their rogue application. You have effectively given them the keys to your house – so don’t be surprised if they rifle through your personal information, or use your Facebook account to spread more spam messages.

Scam video player

One thing I’m certain isn’t a hoax, however. And that’s that many Facebook users will fall for a scam like this.

If you’re one of them, make sure you revoke the application’s permission to access your Facebook account. You can do this via Account/ Privacy Settings/ Applications and Websites.

Revoke application's permission on Facebook

Don’t forget to also edit your profile to remove any unauthorised pages from your “Likes and interests”.

Here’s a quick YouTube video where I show you how to clean-up your Facebook account from such an attack:

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.