“18 Dead in shocking roller coaster accident” Facebook scam

Once again a scam has spread rapidly across Facebook, claiming to link to a shocking video.

On this occasion, the video claims to be gruesome footage of 18 people killed in a roller coaster accident at Universal Studios in Florida.

Here is a typical message, as has been seen widely on the social network:

Shocking accident? No, it's a Facebook scam

(Shocking Video Footage) 18 Dead in shocking roller coaster accident.

Other versions of the scam read:

16 people are confirmed deαd in a roller coaster αccident that occurred at Universal Studios in Florida. Currently there are 8 listed in cгitical coпditioп at an Orlando Hospital.

Facebook users are being duped into clicking on the link of what appears to be a breaking news story because they see the message being posted on their friends’ Facebook newsfeeds. But, of course, it’s not their friends who are posting the message – but a rogue application which has gained access to their profiles.

Here’s what happens if you are tricked into clicking on one of the links, believing that you are about to see the video of what appears to be a horrific accident.

Sign up to our free newsletter.
Security news, advice, and tips.

Firstly, a rogue application requests permission to access your profile in order to scoop up information about you and your friends.

In this particular example the app claims to be called “FOXS NEWS(Version 1.2)”, in a clear (albeit ungrammatical) attempt to deceive users into believing that it is somehow connected to a well-known media outlet.

The people behind the app assert, at this point, that they have no intention of posting any messages on your Facebook profile.

Will you give this app access rights to your Facebook profile?

However, that promise doesn’t last very long – as the very next thing they do is ask permission to share messages from your Facebook account.

Would you allow this app to post to your Facebook?

Don’t forget – if you grant an app permission like that, it will be able to post messages in your name, possibly tricking your online friends into clicking on links or believing that you have sanctioned the posting.

Which means that although you might be taken to a webpage which appears as if it might keep its promise of showing you a shocking video…

Webpage claiming to contain shocking video

… a link has already been secretly shared on your Facebook profile in the background.

Scam message spreading on Facebook

In this way, scam messages can spread very quickly and help drive traffic to websites on behalf of fraudsters.

Typically money is earnt through affiliate schemes, tricking users into completing online surveys or signing up for premium rate mobile phone services in the belief that they might win a prize.

Clearly you don’t want your Facebook friends to be scammed in this way, and should be careful about what you click on when using Facebook.

If you did make the mistake of falling for this particular scam, you need to revoke the app’s access to your profile so it cannot spread any more messages under your name.

Go to the Applications tab on your Facebook settings, and remove any apps which you don’t want to have access to your account by pressing the “X”.

Enter settings to revoke the app's access

You will also have the option to remove any dodgy posts the app has made in the past to your profile:

Don't forget to clean up any dodgy messages the app may have shared from your account

As Facebook notes, it is possible that the third-party behind the app still have access to some of your personal data. Facebook’s suggestion? That you get in contact with the app developer.

That’s going to be tricky in this case, however, as the privacy policy link that Facebook links to for the “FOXS NEWS(Version 1.2)” app is somewhat… uh… lacking when it comes to contact information.

Good luck getting in touch with these guys

Sorry about that. :(

If you’re thinking of leaving Facebook, why not listen to this “Smashing Security” podcast we recorded:

Smashing Security #75: 'Quitting Facebook'

Listen on Apple Podcasts | Spotify | Pocket Casts | Other... | RSS
More episodes...

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.