We’re monitoring an ongoing Facebook scam campaign that seems to be spreading faster than any campaign we’ve come across before.
The scam starts with a user being tagged in a photo such as the one above. The photograph is posted in an album called “BBC News” to give it authenticity. It typically has more than 100 people tagged in it and contains the following text: “Everyone do check what she did on cam …. — [URL]”
The short URL typically redirects the users to a .info domain, which then takes the user to a Facebook Application Installation page.
When a user allows the application, the scam continues with that user posting the same photo, tagging over 100 users in it and helping it propagate.
Users are also redirected to another .info domain, which contains a video that is gated by another form of a survey scam:
The scammers have managed to be nimble enough to switch the campaign from one Short URL service to another. At first, this was spreading via Bit.ly:
Over the course of an hour, this particular URL received over 80,000 clicks. However, the scam has since shifted to the Goo.gl Short URL service:
In less than an hour, the goo.gl version of the scam has reached over 125,000 clicks.
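For defenders with web proxy logs, the redirect chain described above (short URL, then a .info domain, then the Facebook application installation page) can be hunted as an ordered sequence per client. The following is an added example, not code from the original post; the log layout, the `/dialog/oauth` path prefix used to recognize the installation page, the 60-second window and all sample rows are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit
# Shortener hosts named in the post.
SHORTENERS = {"bit.ly", "goo.gl", "tinyurl.com"}
# Assumption: the app permission page is matched by these hosts and this path prefix.
FB_HOSTS = {"facebook.com", "www.facebook.com"}
FB_APP_PATH = "/dialog/oauth"
# Constructed proxy log: (epoch seconds, client IP, requested URL).
SAMPLE_LOG = [
    (1000, "10.0.0.5", "http://goo.gl/PLACEHOLDER"),
    (1001, "10.0.0.5", "http://landing-placeholder.info/"),
    (1002, "10.0.0.5", "http://landing-placeholder.info/style.css"),
    (1004, "10.0.0.5", "https://www.facebook.com/dialog/oauth?client_id=0"),
    (1020, "10.0.0.9", "http://other-placeholder.info/"),
    (1022, "10.0.0.9", "https://www.facebook.com/dialog/oauth?client_id=0"),
    (2000, "10.0.0.8", "http://tinyurl.com/PLACEHOLDER"),
    (2300, "10.0.0.8", "http://landing-placeholder.info/"),
    (2301, "10.0.0.8", "https://www.facebook.com/dialog/oauth?client_id=0"),
]

def stage(url):
    """Map a URL to its hop in the chain (0, 1, 2), or None if unrelated."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in SHORTENERS:
        return 0
    if host.endswith(".info"):
        return 1
    is_app = host in FB_HOSTS and parts.path.startswith(FB_APP_PATH)
    return 2 if is_app else None

def find_chains(log, window=60):
    """Return (client, [urls]) for each client completing all three hops in order."""
    progress, hits = {}, []
    for ts, client, url in sorted(log):
        hop = stage(url)
        if hop is None:
            continue
        chain = progress.get(client, [])
        if chain and ts - chain[0][0] > window:
            chain = []                   # stale partial chain: start over
        if hop == 0:
            chain = [(ts, url)]          # a shortener hit always (re)starts a chain
        elif hop == len(chain):
            chain = chain + [(ts, url)]  # the next expected hop
        if len(chain) == 3:
            hits.append((client, [u for _, u in chain]))
            chain = []
        progress[client] = chain
    return hits
```

Requiring the three hops in order is what keeps ordinary shortener clicks and direct visits to a .info site from alerting; only the first sample client completes the chain inside the window.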
Recommendations: First and foremost, don’t click on the link included in the description of the photograph. One of the things you can do to prevent your friends/family members from falling for this is to untag yourself from the photograph:
Additionally, you can report the image so that Facebook can take action against it (this is an important step):
If you’ve been tricked into installing the application, visit the Privacy Settings page and click on ‘Edit Your Settings’ under Apps and Websites. Locate the Rogue Application under the Apps and Websites section (typically has the word “news” in it). Once you’ve located it under the ‘Apps You Use’ section, click on ‘Edit Settings’ in order to remove the application.
Scammers are finding new ways to trick users. The key here is to be aware and to keep your friends and family members in the loop about scams like this one. We can’t stress that enough.
Update: The goo.gl short URL has now logged over 220,000 clicks.
Additionally, the scammers have also moved to TinyURL.