Tuesday, December 6, 2011

New Facebook scam

A new Facebook scam is spreading today, 6th of December. The interesting thing is that I have seen it posted in Dutch as well.

The method used is the same as in previous Facebook scams, see for example my earlier post:
New Facebook scam

Here is the post in question (in Dutch):

Classical scam post to lure users into clicking the link.

Here's what it reads:
WOW! Mijn profiel is ALLEEN VANDAAG AL 12 keer bekeken.. en ik kan zien dat er behoorlijk wat stalkers bijzitten LOL! Kijk zelf wie jou allemaal in de gaten houdt op #removed#

In English:

WOW! My profile has been seen 12 time ALREADY ONLY TODAY .. and I can see that quite a few stalkers are included LOL! See for yourself who's keeping an eye on yoy on #removed#

The link has been shortened by the bit.ly URL shortening service. While this service is not malicious on itself, it can also be used by persons with malicious intent, whether it would be hackers, malware authors, ... Or in this case scammers.

Let's review some stats for the bit.ly link first:

98 clicks on this link in the last hour

Top countries, including: France, Germany, The Netherlands

Facebook.com is the most referring site

At the moment of writing, there have been over 1,000 clicks on the link so far. I have already reported it to bit.ly and it should be taken down soon.

UPDATE: bit.ly has already issued a warning for when you click on the link. (12/07/2011)

Now let us analyse where the bit.ly link is taking us. The link can redirect you to different websites, but they will all (so far) redirect you to a page similar to this one (depending on your location):

Who is viewing your Facebook profile ?

You probably don't remember my post from February this year, but the concept is the same: you can supposedly view who's been "stalking", or viewing, your profile. This to attract users on clicking the link. Who doesn't want to see this, right ? Here is my post from early this year:
Facebook rogue applications still lurking around

You can presented with a screen like this (I have several, but I will only post one as example):

Are you the "lucky" winner ?

As stated previously, the concept is the same. Before you can see who's been viewing your profile, you need to fill in a short service to continue.

You may have won a prize, you may have won an iPad, you may have won free ringtones, you may have won a free iPhone application, etc, etc, etc, .... This is of course all a lie.
Remember: if it looks too good to be true, it probably is !

You have to fill in your email address and/or phone number to continue as well. At the end you will end up losing a lot of money, leaving your email address in the open and maybe worse.

Remember: if you click the link while logged in to Facebook, it will also post it on your own wall.


Conclusion is pretty straightforward: do not click on any of the links ! If in doubt, send your friend on Facebook (or if someone sent you the link) via PM if he or she knows what this is about.

To remove this from your or your friend's wall, click on the X on the message, and choose to "Report/Mark as spam" or "Remove Post".

You can also use a linkscanner to verify the integrity of a link on either http://www.urlvoid.com or https://www.virustotal.com/

To get some information on a bit.ly (or other URL shortener serivce) link, you can use any of the following websites:
- http://www.getlinkinfo.com/
- http://longurl.org/
- http://www.longurlplease.com/ (includes Firefox extension)

To report a malicious bit.ly link use:

For any other question, do not hesitate to post a comment !