It shouldn’t come as a surprise that malicious activity on social networks such as Facebook has risen over the last few years, as the people behind these scam operations continue to improve their efforts. The appeal of targeting these sorts of users is the inherent trust that is built-into social networks.
Currently, there is an ongoing campaign targeting Facebook users. Users are posting status updates that claim to show what their first status update on Facebook was.
First instance of the '1st status' update scam spreading
There are some common elements amongst most of the status updates
- Most of the ’1st status’ updates for users are the same
(“facebook is hard to use”, “let’s see how facebook works”) - The ’1st status’ update date value is either an arbitrary date (10/07/2009) or taken from the day the user signed up
- The links in the updates are either wrapped in a URL Shortener (Bit.ly and TinyURL) or link directly to a scam Facebook application
Linking directly to one of the many '1st status' scam applications
When a user clicks on the link such as the one above, they are taken to the rogue Facebook application. Instead of being prompted with a button to proceed, the page redirects to the application installation page
Installing the 'Ya SAlD What' scam application
Another one of the common themes amongst these rogue Facebook applications is that they are usually created by a fake account, with 99.99% of them being female users. This coincides with one of the measures Facebook has in place to deactivate fake accounts, which went awry late last year disabling the accounts of many legitimate users, most of whom were female.
Most rogue Facebook apps developed by fake accounts with female photos
In order to ensure the scam continues to spread, there are multiple versions of the scam applications being spread around by different users. The updates are common, the names of applications are different, but they all attempt to play on a users’ desire to know what their first Facebook status update was.
Another variant of the '1st Status' scam app
This application also has been created by a fake 'female' account
In one instance, there were two applications used in the installation process. The first was called ‘firststatusupdateab’ which, when installed, redirected the user to ‘firststatusupdateaa’ leading to the payload: a survey scam. Yes, the majority of these rogue Facebook applications lead users to a destination website with links to fill out surveys or complete a trial offer. We’ve seen similar survey/trial offer scams used in the Free iPhone/iPad scams that have hit both Facebook and Twitter.
Once an application is installed, it leads to some form of a survey scam
Why survey scams? Simple: Affiliate programs. The scammers behind these applications know that by targeting these unsuspecting users, they can rack up money for each successful survey that is filled out and/or each trial offer that users are duped into committing to.
Just how widespread are these survey scams? Some statistics gathered from some of the shortened URLs via Bit.ly show that in the last three days there were over 100,000 hits for one URL, while another shows over 80,000 hits.
Statistics for one URL show over 100,000 hits
If you’ve fallen victim to one of these scams, you can remedy the situation. The first thing you need to do is remove the scam status updates from your Facebook wall. This way, no one in your circle of family and friends will also be affected.
The next step is to remove the scam Facebook application from your profile. You need to browse to your Account tab in the top right corner of the navigation window and click on the Privacy Settings link.
To remove the scam application, browse to your Privacy Settings page
Once on your Privacy Settings page, you need to click on ‘Edit Settings’ under the Apps and Websites column
Click on 'Edit Settings' in order to remove scam applications
After you’ve done this, you will see some of the applications that you are currently using. Click on the “Remove unwanted or spammy apps” link to proceed to the next page.
Click on "Remove uwanted or spammy apps"
In order to remove the scam application, you need to click on the “x” next to Edit Settings. You will then be prompted with a dialogue box asking you to confirm the removal of the application.
Click on the "x" next to Edit Settings in order to remove this application
You've successfully removed the scam application
As we continue to see this scam circulate, we urge users to warn their families and friends to be weary of these types of scam applications.