Facebook users are being targeted in a scam that offers them a chance to install a "dislike" button.
The scam tricks users into allowing a rogue application to access their profile page, which then posts spam messages.
It also attempts to lure people into completing an online survey, for which the scammers are paid money.
The social network already offers a "like" button that allows people to rate other user's comments and posts.
Graham Cluley of security firm Sophos said it was the latest in a series of "survey scams" that included links to a video purporting to show an anaconda vomiting up a hippo.
"One thing we commonly see is that the message starts 'OMG, shocking video'," he said.
"And they appear to come from your Facebook friend, giving it a ringing endorsement."
Unknown appsThe dislike button scam prompts people to download an application with the message: "Download the official DISLIKE button now."
When users click on the link it prompts them to install a rogue application, which does not function as a dislike button.
Once a user has given it permission to access their profile, it updates the user's page with a link and a message: "I just got the dislike button, so now I can dislike all of your dumb posts lol!!!"
“Start Quote
End Quote Facebook spokespersonWe always encourage people to not click on links that appear suspicious - even if posted from a friend”
"Many people are giving permission for completely unknown apps," Mr Cluley told BBC News.
The surveys appear to be from genuine companies, he said.
"As far as we can tell, they appear to be legitimate," he said. "It could be that the firms are not policing their affiliates properly."
The scam finally points users towards a Firefox add-on that installs a "dislike" button.
Mr Cluley said the add-on also appears to be legitimate.
Ron Sharpp, CEO of FaceMod, the maker of the add-on, told BBC News that his company was "in no way affiliated with the online scams".
He said the firm had been sent "several support e-mails" asking about the surveys.
"In response, we've taken efforts to remind our users that those are not official posts and warning users not to download any version of our add-on from an alternate source," he said.
In addition, the company has issued a warning via its Facebook page.
A spokesperson for Facebook said it also regularly warns users about rogue applications.
"We always encourage people to not click on links that appear suspicious - even if posted from a friend," a spokesperson said.
The site has a "very quick process in place" to make sure that links and rogue applications were taken down quickly, they added.
"They can report any posts to us. We can make sure that we take down any application or all of the links across Facebook."
But Mr Cluley said that although Facebook could respond quickly, it should police the development of rogue applications more closely.
"Anyone can write a Facebook app - these scams are constantly springing up," he said.
No comments:
Post a Comment