A new Facebook scam lures users into signing up for premium mobile services and spamming their friends by promising to show a list of profile visitors. It even instructs users to disable ad-blocking programs.
It all starts with a spam message received from one of the victims, which reads “OMG OMG OMG... I can't believe this actually works! Now you really can see who views your profile!!! WOAH ? --> [URL]”. Following the included link takes users to a site on an external domain called ilikefacebook.in.
The site displays fake Facebook-style notifications claiming to be examples of the alerts users will receive when someone views their profile. The logo for a well-known rogue Facebook app called Profile Spy is also shown on the page.
Users are also told that in order to sign up for the Profile Spy application they need to like and share the page. At the time of writing this article, around 29,000 users had clicked the “Like” button and 27,000 the “Share” one. Posting the spam message manually in five different places on Facebook is also allegedly required.
Finally, after the victims have heavily spammed their profile with messages promoting this scam, they are taken to a window claiming that they also need to take a survey. “Then the 'verification' launches you into one of those endless surveys (you get a choice of six) the point of which is to collect your cell phone number so you can be billed $9.99 per month,” Tom Kelchner, a security researcher at Sunbelt Software, who analyzed the attack, warns.
People should be aware that there is no feature on Facebook which allows viewing profile visitors, and considering the privacy implications of such functionality, it will probably never be allowed. Therefore, any message or application that claims otherwise is most definitely a scam.
You can follow the editor on Twitter @lconstantin