A new malicious Facebook campaign comes with an added bonus: the chance to spread your very own scam.
Scams advertising applications such as “Profile Creeps” and “Creeper Tracker” are luring in Facebook users interested in finding out who is viewing their profiles.
“I just saw who STALKS me on Facebook! You can see who creeps around your profile too!” reads one of the scam messages.
This ploy has been seen several times; it works well because it’s a social engineering trick designed to play into people’s inherent curiosities and insecurities. But this one has an added element.
Users who fall for this trick are directed to a survey page, where completed surveys generate money for the scammers. After the survey is taken, the scammers turn the tables and offer the scam software directly to the victims.
For $25, the victim can purchase a toolkit called “Tinie app,” which includes step-by-step directions on how to virally spread your own Facebook scam.
“This phenomenon of template Facebook applications like Tinie app shows how the spamming culture is consolidating more and more around Facebook,” said the security firm Websense.
Putting the cybercrime tools in the hands of those who’ve been duped could have disastrous, or at the very least annoying, consequences.
It could, for example, allow fledgling Facebook hackers to infiltrate the accounts of five Missouri state representatives, including Stacey Newman, Dave Schatz and Donna Lichtenegger, and post messages such as “I love lobbyist! All the free food and stuff you get. This job is awesome!” according to the security firm Sophos.
Lichtenegger admitted that on the day her account was taken over, she had been accessing Facebook via the Missouri State Capitol building’s free public Wi-Fi.
While Facebook's newly released secure browsing option — in which users can access the site using an encrypted HTTPS connection — could have helped the legislators, Softpedia reports that the feature contains a bug that disables it whenever a non-secure app is called upon.
A newbie Facebook scammer with the $25 toolkit could also post a message claiming to have a video of a father catching his daughter stripping for a webcam.
The scam, which is currently spreading through Facebook, comes with a message that reads “OMG she is so busted!! Dad Catches Daughter on Webcam!” and includes a link to the supposed racy video, Sophos reported.
The link directs users instead to a rogue application that attempts to access users’ personal information and post the fake webcam message to their walls.