Security researchers warn that a new Facebook scam is tricking users by promising them an application that allows viewing who visited their profile.The spam messages promoting this read: "
See who viewed your profilee original version 2.0: now you can see who viewed your facebook profile [link]"
A thumbnail of the Facebook sidebar menu, which appears to have a new option called "Who's Viewed me," is also accompanying the message.
Following the advertised link takes users to part of a multi-step scam, that asks users to like, share and promote the page before being given access to the intriguing application.
Despite its well designed aspects, this type of attack is rudimentary compared to others, that propagate through rogue applications or clickjacking.
Nevertheless, a lot of users continue to be fouled by the promise of being able to view their profile visitors, a functionality that doesn't exist on Facebook and will probably never will, due to privacy issues.
In fact, the social network is pretty clear about this and its FAQ states that: "
Facebook does not provide a functionality that enables you to track who is viewing your profile, or parts of your profile, such as your photos."
Third party applications also cannot provide this functionality. Applications that claim to give you this ability will be removed from Facebook for violating policy."
During the past year or so, we've seen various scams employing this trick, but one
promoting an application called "Profile Spy" resurfaces again and again.
The purpose of these attacks is to get users to participate in surveys that try to silently sign them up to a premium SMS services, billed on their mobile phone.
"
Scams like this don't need to exploit security vulnerabilities in Facebook's code - all they need to do is socially engineer users into making poor decisions,"
warns Graham Cluley, senior technology consultant at Sophos, who spotted the latest attack.
Find us on Google+
No user comments yet.
Be the first to express your opinion!
