Olive Garden food photo tagged you on Facebook? It’s a viral scam

Have you found yourself tagged in a friend’s photo album on Facebook? Are the pictures of food sold at the Olive Garden restaurant chain?

If so, be very careful where you click.

Olive Garden photos tagged with your name

Messages include:

Sign up to our free newsletter.
Security news, advice, and tips.

Olive Garden Restaurant is giving out free dinners for a full month! Pickup yours today !!!
[LINK]

or

Olive Garden is supplying free dinner plates for one month! Pick up your food now!!
[LINK]

or

Olive Garden Restaurant is giving out complementary dinners for a full month!! Get your meals this instant! [LINK]

Unfortunately, Facebook doesn’t prevent third-party applications from tagging your friends’ names onto photos on your wall – even if there are no people pictured in the photograph! In this way, scammers can spread messages and adverts virally across Facebook with a high level of confidence that your friends will see them.

Olive Garden post

So what happens if you click on the link used in the captions on the photographs?

First thing you’ll find is that you’re taken to a page which attempts to convince you to authorise a rogue application. This is important for the scammers – if you allow their app to access your Facebook page they can then use *your* page and target *your* friends with their scam – spreading it further across the social network.

Rogue application

So, please don’t allow apps like this to access your profile – Don’t press “Allow”.

If you did allow the app to run, then it will create an album on your Facebook profile, containing images of Olive Garden food and tag your Facebook friends – sharing the images with them.

This is not only likely to raise the ire of your Facebook friends, it may also put them at risk of having their Facebook accounts compromised also.

Next on the menu for the scammers is to make some money out of you – they do this by taking you to a webpage which contains a survey scam (they earn money for each survey completed) or other affiliate offers.

Here’s the example I ended up at when I used my Facebook researcher account to investigate this scam:

Offers produced via the Olive Garden scam

There’s no reason, by the way, to believe that the Olive Garden restaurant group is involved in this scam. As far as we can tell, they appear to be innocent victims – having their brand name abused in this fashion.

We’ve seen scammers abuse Facebook in similar ways before, tagging photographs claiming to promote Twilight Breaking Dawn games, and images of Playboy-style bunny girls, but it can also be done with plates of food!

Facebook friends photo tagged

If you’ve been hit by a scam like this, revoke the rogue application’s access rights and delete the offending photo album.

Unfortunately, for reasons best known to itself, Facebook doesn’t allow you to stop people (and applications) from tagging photos with your name in the first place.

This feels to me like a basic privacy option that is essential for Facebook, but there’s no sign that they’re going to add it anytime soon. In fact, they’re introducing a technology which will automatically tag photographs using facial recognition software. Yuck.

You can learn more about how to best configure Facebook’s settings to protect your privacy in our online guide.

If you don’t want to get caught out again, or simply want to learn more about security threats on the social network and elsewhere on the internet, I would strongly recommend you join the Sophos Facebook page where we provide early warnings about such attacks.

Hat-tip: Thanks to reader Andrea Behrens for helping us with this article, and the many other readers who took the time to write to us about this scam.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.