Once again a scam has spread rapidly across Facebook, claiming to link to a shocking video.
On this occasion, the video claims to be gruesome footage of 18 people killed in a roller coaster accident at Universal Studios in Florida.
Here is a typical message, as has been seen widely on the social network:
(Shocking Video Footage) 18 Dead in shocking roller coaster accident.
Other versions of the scam read:
16 people are confirmed deαd in a roller coaster αccident that occurred at Universal Studios in Florida. Currently there are 8 listed in cгitical coпditioп at an Orlando Hospital.
Facebook users are being duped into clicking on the link of what appears to be a breaking news story because they see the message being posted on their friends’ Facebook newsfeeds. But, of course, it’s not their friends who are posting the message – but a rogue application which has gained access to their profiles.
Here’s what happens if you are tricked into clicking on one of the links, believing that you are about to see the video of what appears to be a horrific accident.
Firstly, a rogue application requests permission to access your profile in order to scoop up information about you and your friends.
In this particular example the app claims to be called “FOXS NEWS(Version 1.2)”, in a clear (albeit ungrammatical) attempt to deceive users into believing that it is somehow connected to a well-known media outlet.
The people behind the app assert, at this point, that they have no intention of posting any messages on your Facebook profile.
However, that promise doesn’t last very long – as the very next thing they do is ask permission to share messages from your Facebook account.
Don’t forget – if you grant an app permission like that, it will be able to post messages in your name, possibly tricking your online friends into clicking on links or believing that you have sanctioned the posting.
Which means that although you might be taken to a webpage which appears as if it might keep its promise of showing you a shocking video…
… a link has already been secretly shared on your Facebook profile in the background.
In this way, scam messages can spread very quickly and help drive traffic to websites on behalf of fraudsters.
Typically money is earnt through affiliate schemes, tricking users into completing online surveys or signing up for premium rate mobile phone services in the belief that they might win a prize.
Clearly you don’t want your Facebook friends to be scammed in this way, and should be careful about what you click on when using Facebook.
If you did make the mistake of falling for this particular scam, you need to revoke the app’s access to your profile so it cannot spread any more messages under your name.
Go to the Applications tab on your Facebook settings, and remove any apps which you don’t want to have access to your account by pressing the “X”.
You will also have the option to remove any dodgy posts the app has made in the past to your profile:
As Facebook notes, it is possible that the third-party behind the app still have access to some of your personal data. Facebook’s suggestion? That you get in contact with the app developer.
Sorry about that. :(
If you’re thinking of leaving Facebook, why not listen to this “Smashing Security” podcast we recorded:
Smashing Security #75: 'Quitting Facebook'
Listen on Apple Podcasts | Spotify | Google Podcasts | Pocket Casts | Other... | RSS
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.