The latest Facebook scams tag users in random photos to encourage people to click on them before hitting them with malicious videos or surveys.
Scammers have been taking
advantage of Facebook's photo-tagging capability to get their spam links in
front of as many people as possible.
There've been several scams recently
on Facebook where users discover their friends have tagged them on a photo.
This is not malicious in itself, since that's what friends often do. However,
when the users click on these links to see the image, they are sent to a
malicious application, either a survey scam or a video site, and the same
message is posted on their Walls. This time, their friends are tagged in that
image.
A lot of these scams are in
circulation; just ask Marc Benioff, the
Salesforce CEO. Based on a screenshot posted on URL-shortener and content
sharing site Ow.ly on April 13, it appears that Benioff was tagged in a
friend's photo album containing a racy image of a scantily clad woman. The
message accompanying the link encouraged users to click to view a video.
This kind of scam "seems to
happen on a weekly basis," Benioff told eWEEK. He cleaned up three such links
from his profile page yesterday and one today, he said.
In this instance, Benioff
added a new "friend," who then posted that tagged photo, he said. Many of
Benioff's photos on Facebook are actually ads and things the partners "are
trying to get me to see," he said. "It's the cost of having 5,000 'friends,'"
he said.
When he encounters these
images, he "unfriends" that friend and tags the image as spam to
alert Facebook, Benioff said. "Hopefully that does something," said
Benioff.
Benioff's profile page is
fairly restricted and requires people to request to be added as a friend. His
fan page has over 5,432 fans.
On the Naked Security blog, Graham
Cluley, a senior technology consultant at Sophos, recently described three
different photo-tagging scams. They included girls dressed like bunnies, food
photos from restaurant chain Olive
Garden's menu, and photos from the vampire saga Twilight.
This is a "change from their normal tactics," Cluley said, as it exploits
Facebook's "loosely controlled" photo-tagging feature with social-engineering
tricks to succeed.
"Scammers can spread
messages and adverts virally across Facebook with a high level of confidence
that your friends will see them," Cluley said.
Facebook doesn't give users
a way to stop people and applications from tagging photos with their names.
Cluley said it was a "basic
privacy option that is essential for Facebook," but noted that there was
almost no chance of it being added, as Facebook is moving toward automatically
tagging photos using face-recognition software.
When users click on the
offending link, they are often prompted with the standard Facebook application
message asking permission to access user information and post to the wall.
Accepting this message spreads the spam to the user's friends by tagging the
photo with their names.
If a user accidentally
clicks on the link but doesn't authorize the application to access their
profile, they will avoid spreading the spam. If the user does fall victim, they
should immediately revoke the rogue application's permissions from their
settings, Cluley said.
After the message is spammed
out, users may see a malicious video or be asked to fill out surveys for prizes
and money.
Photo-tagging is a
"loose end that can bring unwanted information to your page," Benioff
said, but "that's life on Facebook. You have to self-police."