by Allison Rhodes on May 5th, 2011
Every few weeks there's a new scam that makes the rounds on Facebook. This week it's the "Find out who visits your profile" scam, which we've all seen before. The reason it piques my interest this time is the sheer volume of people falling victim. That, coupled with the fact that the victims include some of my more tech-savvy Facebook friends, made me want to better understand what exactly the virus is trying to do and how we can all protect ourselves.
The virus works first by gaining access to your Facebook account. Unlike other methods for hacking, which involve somehow accessing your login credentials, this scam needs only for you to click a link posted on your wall or someone else's wall. To entice you into clicking, the scam offers something lots of people would love to know, but Facebook doesn't allow: a list of people who've viewed your profile. You might receive an e-mail notification that tells you a friend has posted a link on your wall with this context:
"LOL !! Me cant believe that you can see who is viewing your profile! I can see the TOP 10 people and I am really OPENMOUTHED that my EX is still checking my Pix and my Profile. You can also see WH0 CHECKS YOUR PR0FILE here)"
The most important thing to understand about this scam is that you should not click the link. If you don't click the link and opt-in, the virus is rendered powerless. If you click the link, and you happen to be logged into your Facebook account when you do, the virus immediately goes to work posting the same link and content on your friends' walls. There's no way to stop it in progress – the only way to repair the damage is to visit each of your friends' walls one-by-one and remove the post, or message all and hope they haven't already clicked the link, as well.
Since there's an email component to the virus for those who've elected in their Facebook settings to be notified via email when someone posts to their wall, we've seen a surge in submissions of this scam to PhishTank, the anti-phishing clearinghouse we operate. However, this will not be confirmed as a phish because it acts entirely within Facebook. Note the domain for the below submission is Facebook's: fb.me
Within social networks users are largely accountable for their own safety. The primary thing to remember: if you have any doubt, don't click the link. Facebook offers this bit of advice:
"Always use caution when clicking on a link or opening an attachment, even if it's been sent or posted by a friend or other reputable source. If you have any doubt, get confirmation directly from the sender. Be especially wary of messages that include attractive offers or urgent requests, and watch out for links that require you to immediately provide a login and password."
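The point about the fb.me domain can be shown in code. The following is an added example, not part of the original post and not PhishTank's or Facebook's code: a check of the link's domain alone sees a Facebook address, so the lure has to be caught from the message text, including its digit-for-letter spellings. The domain list, the pattern, the function names and the link path are assumptions made for illustration; the sample text is the message quoted earlier.

```python
import re
from urllib.parse import urlparse

# Assumption for this example: domains treated as Facebook's own.
FACEBOOK_DOMAINS = ("fb.me", "facebook.com")

# Digit-for-letter swaps like those in the quoted lure ("WH0", "PR0FILE").
LEET = str.maketrans("01345", "oieas")

# Constructed pattern for the "see who views your profile" promise.
LURE = re.compile(r"\bwho\b.{0,20}?\b(?:check|view|visit)\w*\s+your\s+profile\b")


def normalize(text):
    """Lower-case and undo digit swaps inside words; pure numbers are kept."""
    def fix(match):
        token = match.group()
        return token.translate(LEET) if re.search(r"[a-z]", token) else token
    return re.sub(r"[a-z0-9]+", fix, text.lower())


def is_facebook_host(url):
    """True when the link's host is one of the assumed Facebook domains."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in FACEBOOK_DOMAINS)


def triage(text, url):
    """Return (link_on_facebook_domain, lure_text_found, label)."""
    on_facebook = is_facebook_host(url)
    lure = bool(LURE.search(normalize(text)))
    if lure and on_facebook:
        label = "in-platform scam lure"
    elif lure:
        label = "lure with off-platform link"
    else:
        label = "no lure text"
    return on_facebook, lure, label


if __name__ == "__main__":
    # Text quoted in the post; the link path is a constructed placeholder.
    sample = ("I can see the TOP 10 people and I am really OPENMOUTHED. "
              "You can also see WH0 CHECKS YOUR PR0FILE here")
    print(triage(sample, "http://fb.me/EXAMPLE"))
    # Constructed benign wall post for comparison.
    print(triage("Happy birthday! See you at 10 on Saturday.",
                 "https://www.facebook.com/events/EXAMPLE"))
```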