Every few weeks there’s a new scam that makes the rounds on Facebook. This week it’s the “Find out who visits your profile” scam, which we’ve all seen before. The reason it piques my interest this time is the sheer volume of people falling victim. That, coupled with the fact that the victims include some of my more tech-savvy Facebook friends, made me want to better understand what exactly the virus is trying to do and how we can all protect ourselves.
The virus works first by gaining access to your Facebook account. Unlike other methods for hacking, which involve somehow accessing your login credentials, this scam needs only for you to click a link posted on your wall or someone else’s wall. To entice you into clicking, the scam offers something lots of people would love to know, but Facebook doesn’t allow: a list of people who’ve viewed your profile. You might receive an e-mail notification that tells you a friend has posted a link on your wall with this text:
“LOL !! Me cant believe that you can see who is viewing your profile! I can see the TOP 10 people and I am really OPENMOUTHED that my EX is still checking my Pix and my Profile. You can also see WH0 CHECKS YOUR PR0FILE here)”
The most important thing to understand about this scam is that you should not click the link. If you don’t click the link and opt in, the virus is rendered powerless. If you click the link, and you happen to be logged into your Facebook account when you do, the virus immediately goes to work posting the same link and content on your friends’ walls. There’s no way to stop it in progress – the only way to repair the damage is to visit each of your friends’ walls one by one and remove the post, or message them all and hope they haven’t already clicked the link as well.
Since there’s an email component to the virus for those who’ve elected in their Facebook settings to be notified via email when someone posts to their wall, we’ve seen a surge in submissions of this scam to PhishTank, the anti-phishing clearinghouse we operate. However, this will not be confirmed as a phish because it acts entirely within Facebook. Note the domain for the below submission is Facebook’s: fb.me

Within social networks users are largely accountable for their own safety. The primary thing to remember: if you have any doubt, don’t click the link. Facebook offers this bit of advice:
“Always use caution when clicking on a link or opening an attachment, even if it’s been sent or posted by a friend or other reputable source. If you have any doubt, get confirmation directly from the sender. Be especially wary of messages that include attractive offers or urgent requests, and watch out for links that require you to immediately provide a login and password.”


Oli Perrins
I received this tripe on my wall; luckily it was posted by the sort of morons who would click on that sort of link so didn’t touch it with a barge pole!
posted on May 5th, 2011 at 11:26 am
Brian
I got tired of warning people on Facebook when I see their profile posting these. I found it easier to just block them.
With the increasing number of games and apps on Facebook that are collecting data on people, it’s probably best to just not use any of them and this won’t happen.
posted on May 5th, 2011 at 11:57 am
Andrew
I clicked the link to see what would happen (I know, I know, please don’t comment on this) – then quickly changed my Facebook login details and the posts stopped after two postings.
posted on May 5th, 2011 at 12:20 pm
Brian
What’s just as annoying is the statuses that people post, like:
“Don’t add or . These people are hackers and will get your computers id number. post this as your status, because if any of your friends add them, they’ll hack you too”
There are so many things wrong with that logic, and so many people kept posting them, that I stopped messaging each one with a tutorial on how computers/internet/Facebook worked.
posted on May 5th, 2011 at 12:26 pm
LFC Online
So am I right in thinking that someone who has fallen victim to this scam won’t have their account details compromised, so wouldn’t need to change their login details?
posted on May 12th, 2011 at 11:50 am
Justin Freid
This seems more like an annoyance than a scam.
If the malware designer doesn’t profit through sending people to an ad-covered landing page or even attempt to capture people’s login credentials, clicking the link is irritating instead of exploitative. It wastes people’s time and clutters Facebook walls, but beyond that it’s not much of a threat. It might even have let Facebook fix a bug before someone else used the security hole to propagate an actual phishing attack.
Facebook has become good at pretty quickly eliminating every trace of malware like this even if it still can’t prevent it altogether. All of the previously poisoned links now point to Facebook.com and Facebook itself cleaned up the wall posts.
posted on May 14th, 2011 at 11:12 am
Saintpoha
I like to know more about this so called SCAM
posted on May 17th, 2011 at 1:20 pm
Arun
Many of my friends are affected by these scams. I’m also monitoring these types of scams. These are spreading very fast…
posted on May 23rd, 2011 at 8:34 pm
Kaustav
Nice. Thanks for writing something concrete about it. Many of my friends have been going crazy to know their profile visitors.
posted on May 23rd, 2011 at 11:28 pm
Duffy
Is “virus” really the correct terminology to use here? Personally I would have gone with “Rogue Application”.
posted on May 24th, 2011 at 5:24 am
David
This surely isn’t the only message that gets posted by a “virus” supposedly from friends – I’ve had a couple inviting me to look at a video. The use of language in the post and the type of video that’s involved have made it clear to me that they’re not really from the people who apparently posted them as their status.
posted on May 25th, 2011 at 12:54 am
Mike
The August 2011 outbreak of ‘Who is Viewing Your Profile’ definitely intended to harvest cell phone numbers and e-mail addresses, or to persuade Facebook users to subscribe to a cellphone subscription.
Another version may be starting up again (unconfirmed). I have noticed a surge in search engine terms for info on this app in the past 2 weeks.
If any reader knows of this app being active in the last 2 weeks, I would appreciate being informed of the app URL.
Please use the comment form or contact form from my site page: http://www.graphicline.co.za/viewing_facebook_profile
Your email and other details will be kept private.
Thanks, Mike
posted on September 11th, 2011 at 1:18 am