“18 Dead in shocking roller coaster accident” Facebook scam

Graham Cluley
@gcluley

Once again a scam has spread rapidly across Facebook, claiming to link to a shocking video.

On this occasion, the video claims to be gruesome footage of 18 people killed in a roller coaster accident at Universal Studios in Florida.

Here is a typical message, as has been seen widely on the social network:

Sign up to our newsletter
Security news, advice, and tips.

(Shocking Video Footage) 18 Dead in shocking roller coaster accident.

Other versions of the scam read:

16 people are confirmed deαd in a roller coaster αccident that occurred at Universal Studios in Florida. Currently there are 8 listed in cгitical coпditioп at an Orlando Hospital.

Facebook users are being duped into clicking on the link of what appears to be a breaking news story because they see the message being posted on their friends’ Facebook newsfeeds. But, of course, it’s not their friends who are posting the message – but a rogue application which has gained access to their profiles.

Here’s what happens if you are tricked into clicking on one of the links, believing that you are about to see the video of what appears to be a horrific accident.

Firstly, a rogue application requests permission to access your profile in order to scoop up information about you and your friends.

In this particular example the app claims to be called “FOXS NEWS(Version 1.2)”, in a clear (albeit ungrammatical) attempt to deceive users into believing that it is somehow connected to a well-known media outlet.

The people behind the app assert, at this point, that they have no intention of posting any messages on your Facebook profile.

However, that promise doesn’t last very long – as the very next thing they do is ask permission to share messages from your Facebook account.

Don’t forget – if you grant an app permission like that, it will be able to post messages in your name, possibly tricking your online friends into clicking on links or believing that you have sanctioned the posting.

Which means that although you might be taken to a webpage which appears as if it might keep its promise of showing you a shocking video…

… a link has already been secretly shared on your Facebook profile in the background.

In this way, scam messages can spread very quickly and help drive traffic to websites on behalf of fraudsters.

Typically money is earnt through affiliate schemes, tricking users into completing online surveys or signing up for premium rate mobile phone services in the belief that they might win a prize.

Clearly you don’t want your Facebook friends to be scammed in this way, and should be careful about what you click on when using Facebook.

If you did make the mistake of falling for this particular scam, you need to revoke the app’s access to your profile so it cannot spread any more messages under your name.

Go to the Applications tab on your Facebook settings, and remove any apps which you don’t want to have access to your account by pressing the “X”.

You will also have the option to remove any dodgy posts the app has made in the past to your profile:

As Facebook notes, it is possible that the third-party behind the app still have access to some of your personal data. Facebook’s suggestion? That you get in contact with the app developer.

That’s going to be tricky in this case, however, as the privacy policy link that Facebook links to for the “FOXS NEWS(Version 1.2)” app is somewhat… uh… lacking when it comes to contact information.

Sorry about that. :(


If you’re thinking of leaving Facebook, why not listen to this “Smashing Security” podcast we recorded:

Smashing Security #75: 'Quitting Facebook'

Your browser does not support this audio element. https://aphid.fireside.fm/d/1437767933/dd3252a8-95c3-41f8-a8a0-9d5d2f9e0bc6/3e3e8a52-4c1e-45c7-8271-8c13eb312039.mp3

Listen on Apple Podcasts | Google Podcasts | Pocket Casts | Spotify | Other... | RSS
More episodes...

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.