What a busy morning for security on Facebook! Several Valentine’s Day scams are spreading, along with a falsely promised video of an Italian schoolteacher striptease. A third spam campaign has been extinguished but provides a lesson about brand hijacking.
The Valentine’s Day scams seem most troublesome because the appeal to one’s dating instincts makes it hard not to click on these applications, at least if you’re single and looking. Try to avoid the temptation because the exercise only wastes your time, spams your friends and exposes you to malware. Ultimately, all of the apps lead to the familiar marketing survey and if you complete one it gives money to the spammer. Just say no!
Better yet, click on the link to report the application if come across one. Facebook security has its hands full nailing this set of rogue applications because they appear to reincarnate in a growing number of names, like Valentine Locator, Fun Valentines, Valentine’s Day and so on.
Another scam that appears to have been halted provides a cautionary tale for all page administrators: A rogue application called itself Van Gogh Museum’s Photos despite having nothing to do with Amsterdam’s venerable art institution. Instead the ?app led to a page labeled “I was logged in to Facebook for XXXX hours in 2010,” a reincarnation of scheme promising to tally how long you’ve spent on the site during the year and of course only leading to yet another boring marketing survey.
The real Van Gogh museum posted an apology on its Facebook page explaining that it had nothing to do with this scam, which was a very shrewd move. The museum’s lesson for other page administrators: regularly search the social network for posts the name of your brand, and look for signs of rogue applications that might be hijacking your name, so to speak.
Meanwhile, a still-spreading attack including Italian language text underscores an emerging trend in security problems on Facebook, namely that these schemes are increasingly showing up in languages other than English.
A virus called Mal/FBJack-A spreading on Facebook promises video of a schoolteacher stripping, but clicking on it only spreads the spam campaign on to other users. Software provided by Sophos can detect this attack and block it from occurring, so we recommend you get the full details from the security vendor here.
Readers, why do you suppose so many rogue applications cropped up on Facebook this morning? When was the last time you reported something spammy-looking to the social network?