Sunday, 21 November 2010

Beware the Justin Bieber erection Facebook scam | Naked Security

That's possibly the most unlikely headline I've ever had to write in my computer security career, but never mind.

My guess is that regular readers of the Naked Security site might not be ardent fans of Justin Bieber - but chances are that some of you have young daughters or nieces who can't get enough of the pint-sized pop hamster.

If that's the case then they might be intrigued by a message that is spreading virally across the Facebook social network claiming to be footage of... and how can I put this delicately? I don't think I can.. Justin Bieber with an erection.

Messages like the following are being seen:

WTF !! I just saw that Justin Bieber got erection in a public interview.lol

Probably not the type of message you would typically click on from your office computer, but maybe a young teenybopping music fan in your household would find the subject matter irresistible to investigate further.

And if they do click on the link they are taken to a Facebook page with the message "Justin Bieber gets a boner in Public !!!", and an invitation to "Click to watch" a video.

Click to watch

The page contains a graphic claiming that the application is a "Facebook verified app" (which seems unlikely given the subject matter).

Would young female fans of Justin Bieber be likely to go further? I suspect so.

As is normal in scams like this on Facebook, you are then presented with a message from Facebook asking you to confirm that you are happy for the third party application to have all sorts of access to your Facebook account - including the ability to post messages to your wall.

This is your last chance to be sensible, and not put your account at risk. Unfortunately far too many people are tricked by social engineering into giving suspicious third party apps like this free rein to mess around with their Facebook accounts. If they're not using the modern day equivalent of David Cassidy to lure users into granting permission, they're pretending to be new Facebook functionality like "Dislike" buttons, or pretending to be free tickets with an airline.

But if you do make the mistake of clicking further, then you will find that you are not watching a video of Bieber having trouser trouble, but instead being asked to take a survey.

Survey scam

Surveys like this generate revenue for the scammers who are behind the application - they earn commission for every survey that is completed.

In the background, meanwhile, the rogue application has abused your social networking account, spreading the spam virally via your wall to your Facebook friends and family.

Message posted on victim's wall

It's only natural that scams like this will continue for as long as users continue to fall for silly tricks like this, and the scammers continue to find it financially rewarding.

If you've been hit by a scam like this, remove references to it from your newsfeed, and revoke the right of rogue applications to access your profile via Account/ Privacy Settings/ Applications and Websites.

Don't forget - if you know young people who use Facebook, you should warn them about scams like this and teach them not to trust every link that is placed in front of them.

If you're a member of Facebook and want to learn more about security threats you should join the thriving community on the Sophos Facebook page.

Do you think Facebook is doing enough to stamp out survey scams like this, or is it the fault of the Facebook users themselves? Let us know what you think by leaving a comment below.
