"No WAY, I Found Out Who Has Been Looking at My Profile" scam spreads on Facebook

Here’s a message I received from a reader earlier today:

Hello,

Urgent help!!!
Have a Facebook virus that all my friends get tagged a photo by me saying ‘No WAY, I Found Out Who Has Been Looking at My ProfiIe’ stalking your profile

Looking how to stop it immediately
Thanks, Shaul


Shaul’s a smart guy. He knows that you can’t see who has been looking at your Facebook profile, and he wanted the messages to stop appearing on his account.

I took a look at Shaul’s Facebook profile, and this is what I found:

No WAY, I Found Out Who Has Been Looking at My ProfiIe — with [NAME] and [X] others.

By tagging the photographs with the names of other people on Facebook, the scam is hoping to spread to others and trick them into clicking on the link.

Furthermore, similar messages had been posted time and time again – each with an attached photograph – much to the annoyance of Shaul who was finding them clogging up his photo albums:

Photo album

Fortunately, at the time of writing, the links result in a “page not found” message – but chances are that at some point they directed unsuspecting users to a rogue Facebook application that would attempt to hijack control of their accounts or start spamming innocent social networkers.

It’s not entirely clear how Shaul’s account became affected by this scam, but here are my suggestions if you find yourself in a similar situation:

  • Delete the offending messages/photos from your Facebook profile. At least that way, you’ll reduce the chances of other people seeing them.
  • Run an up-to-date anti-virus program. It’s possible that your computer or web browser has been compromised by some malware which is posting messages on your behalf, without you realising.
  • Make sure that your other software is up-to-date too. For instance, that you are running the latest operating system patches, and that your browser and other software – such as Adobe Flash, Java etc – are the latest versions.
  • Change your Facebook password – just in case it has been stolen by the criminals behind the scam. By the way, if you’re changing your password make sure that you don’t use that same password *anywhere* else on the net, and that it is not an easy-to-crack word.
  • Go to https://www.facebook.com/settings?tab=applications, where you should revoke any third-party Facebook apps that you do not trust or recognise.

Thanks to grahamcluley.com reader Shaul for posing the question. I hope this helped answer it, Shaul!

If anyone else has a question – feel free to drop me a line at [email protected]. I can’t promise to answer them all, but I can always try…


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
