Bogus Facebook App Offers to Let Users See Profile Visitors

A rogue application that promises to allow Facebook users to know who visited their profile page is circulating the social network.

Download the authoritative guide: The Ultimate Guide to IT Security Vendors

A new iteration of an old scam has surfaced on Facebook pushing a fake application that promises to enable users to see who has visited their Facebook page.

The problem? Facebook does not allow this capability. According to Sophos, the app is spreading across the social network with messages that say: "OMG OMG OMG... I cant believe this actually works! Now you really can see who viewed your profile! on [link]."

Those who click on the link accompanying the message are taken to a Web page that asks them to permit the application to have access to their Facebook profile, blogged Graham Cluley, senior technology consultant at Sophos. Granting that permission will make a user's profile "yet another victim of the viral scam. ... And no, you don't ever find out who has been viewing your profile."

This is far from the first time this type of application has circulated the network. Tempting as it may be for a user to know who is visiting his or her page, promises to keep track of that type of information are invalid.

"Facebook does not provide the ability to track who is viewing your profile, or parts of your profile, such as your photos," the company states in its Help Center. "Applications by outside developers cannot provide this functionality, either. Applications that claim to give you this ability will be removed from Facebook for violating policy."

The company later states, however, that while it does not provide an app that enables users to track profile views or statistics on the views of specific user content, third-party developers may offer some of this functionality. Still, the company has made it "technically impossible" for applications to track profile visits for users who simply go to another user's profile.

According to Cluley, the current campaign is using a variety of different links, but via Sophos has observed that at least one of them has tricked nearly 60,000 people into clicking.

"Always think before you add an unknown application on Facebook, and ask yourself if you're really comfortable with ceding such power to complete strangers," he blogged. "Rogue application attacks like this, spreading virally, are becoming increasingly common-and do no good for anyone apart from the scammers behind them."