“Official Profile Viewer Application” Facebook scam
After many, many offers of applications that supposedly show Facebook users who views their profile the most, has the time finally come when these lures don’t work as they used to? Or have the scammers decided to increase the number of victims simply by adding that the application offered is “official”?
Whatever the reason, the offer differs from earlier ones in many aspects, and it seems that the scammers have pulled out all the stops and have decided to take everything they can.
There is actually no “Official Profile Viewer Application” – rogue or legitimate. The Social Tagging Worldwide page asks the user to paste a piece of JavaScript into his browser’s address bar, claiming the process is designed to prove that the victim is a Facebook user.
What does the script actually do? It invites all his friends to join a Facebook group.
“When you explicitly enter a piece of JavaScript, you’re effectively authorizing your browser to run that script in the context of the site you’ve just visited,” explains Sophos. “You are effectively bypassing any sort of cross-site scripting protection which either the remote site – in this case, Facebook – or your browser might have in place.”
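One defensive check against this kind of lure, as an added example that is not from the original article or from Sophos: a paste guard for a URL input that strips a leading `javascript:` scheme before the text can be run. The function names and return shape are hypothetical, and the sample inputs are constructed.

```javascript
// Added example (not from the article): paste guard for a URL input.
// normalizeForSchemeCheck and stripScriptScheme are hypothetical names.

// URL parsers drop ASCII tab/newline anywhere in the input and trim leading
// C0 control characters and spaces before reading the scheme, so the check
// has to normalize the same way or "java\tscript:" slips through.
function normalizeForSchemeCheck(text) {
  return text
    .replace(/[\t\n\r]/g, "")
    .replace(/^[\u0000-\u0020]+/, "");
}

function stripScriptScheme(pasted) {
  let rest = normalizeForSchemeCheck(pasted);
  let removed = 0;
  // Loop: a doubled prefix ("javascript:javascript:") must not survive one pass.
  // Scheme matching is case-insensitive, hence the /i flag.
  while (/^javascript:/i.test(rest)) {
    rest = normalizeForSchemeCheck(rest.slice("javascript:".length));
    removed += 1;
  }
  // Ordinary input is returned unchanged; only script URLs are rewritten.
  return removed > 0
    ? { blocked: true, text: rest }
    : { blocked: false, text: pasted };
}

// Constructed sample inputs: a plain lure, an obfuscated one, and benign text.
const samples = [
  "javascript:void(0)",
  "  JaVa\tScRiPt:javascript: void(0)",
  "https://www.facebook.com/",
  "how does javascript: work?",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", JSON.stringify(stripScriptScheme(s)));
}
```

A guard like this only removes the one-paste path; it does nothing about script typed by hand or pasted into a developer console.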
Once he has done all this, he is asked to prove that he’s a human by taking a survey that will also make him eligible for winning an iPhone or iPad. But, in order to enter the competition for the wonderful prizes, there is another hurdle the user must cross: sending an SMS to a premium rate number, giving up his phone number and carrier and signing up for SMS marketing.
This scam has been cleverly designed to milk the most out of a duped user. A filled-out survey? Check! SMS to a premium rate number? Check! Phone number and carrier information that can be used or sold to other scammers? Check! And in the end, the user is none the wiser as to who is stalking him on Facebook.