Several, all flagged by Sophos. The first is about links alleged to be to video footage of a gory rollercoaster accident variously claimed to have happened in the UK, Australia and Hollywood. Of course, there’s no such video because there’s no such story, and clicking involves being lured into approving a rogue application and completing a survey in order to make money for the scammer. Story by Graham Cluley at http://nakedsecurity.sophos.com/2011/04/10/theme-park-accident-video-used-as-bait-by-facebook-viral-scammers/.
Subsequently, Paul Ducklin has blogged about a Facebook profile viewer scam. These are ten a penny: they try to draw you into running a rogue app that will, they claim, enable you to see who has been viewing your Facebook and/or Twitter profile. This one, though, has a new wrinkle. It tries to bypass Facebook checking by persuading you to paste some JavaScript into your browser (no, it doesn’t look like JavaScript…), which fetches another script that invites your friends to join a Facebook group, rather than approving an application.
If you fall for it, you eventually get to a survey/competition scam. See http://nakedsecurity.sophos.com/2011/04/11/facebook-scam-social-tagging-worldwide/ for more details.
And even as I was typing this, Graham flagged yet another survey scam: this one targets fans of the Twilight saga: http://nakedsecurity.sophos.com/2011/04/11/the-twilight-breaking-dawn-facebook-scam/
David Harley CITP FBCS CISSP
Small Blue-Green World
ESET Senior Research Fellow