My Spammy Valentine

Dearly beloved, we are gathered here today to join this lovely Facebook user and this good-looking “can’t wait for you to turn your back on me so I can stab you” princess/prince of an app. Ta-daaaam. (this could be a good idea for a replacement of the infamous “Allow” button… the “I do” button. But more on that later on. Much later.).

These days, online social platforms have caught a whiff of the pestiferous Valentine’s interrogatories that are beginning to spread through the cities of the real world. “Will you? Won’t you? Why the….won’t you?”. It’s all about finding out who will be the ONE. Or how to get the ONE.

Let’s take these beauties one by one.

First move: Wooing . How to make her fall head over heels for you? It’s simple. Go on your Facebook account and see if you can find the “12 things a girl wishes a guy knew”. Faced with the possibility of having this geyser of truth sprinkle your path to amorous glory, what would you do? CLICK?

Hold your horses. It’s a very, very long way to Tipperary and  to a girl’s secret wishes. Click 1.

Another click and the Permission page is up.

Access your data. Check. Post to your Wall. Check. Shall we Allow it? Let’s.

There you have it: daily server maintenance (oh, no
!).  Not the answer you expected? You bet. This is just an excuse the bad guys invent so that you don’t worry too much. After all, oracles need to take their time. Let it be for a while and you’ll see that when you come back to your wall, you’ll find it plastered with posts automatically published by this little wonder. They’re all over the place.

On your wall.

 

And on your friends’ walls.

A nice mess courtesy of the Girls Only Wish app.

Second move: Check whether you have a secret admirer who’s too shy to approach you. This is the stuff romantic movies are made of. And Valentine’s Facebook scams.

Permission to come aboard your account! ALLOWED?????????????

Say yes (or I do) in this case, and you’ve got yourself another little pest. Automatic messages on your account and on your friends’ walls and a whole lot of explaining to do. Just think of it this way: if you’re planning to keep this little detective work of yours as discreet as possible, you won’t stand a chance. You know what they say: the writing’s on the wall.

Third move: How about some nostalgic love then? Anyone in your past who might still have a soft spot for you? Apparently, some scammers have got that covered too.

Yes, I can hear you go:” No, not see who viewed your profile again!”. What can I do? It’s fated to be this way.

However, the classic recipe is spiced up a little bit this time. You know the “copy this piece of code and paste it into your browser” trick. We’ve got it!

What happens if you disregard any warning and actually go where so many others (unfortunately) have gone before? Your piece of code will kindly become your loquacious spokesperson and post messages on your friend’s wall without any indication that they were published “via app x” (different from the case discussed above). Moreover, the little bugger will quote some other friends of yours as if they also participated in the discussion between you and your first friend/victim.

This means that the quoted friends will also receive an e-mail in their Inbox whereby they will be informed of their alleged participation in the discussion that took place on Facebook. Guess what those friends might be inclined to do when they find this out? Click the link and fall prey to the scam, you say? Most probably. And the vicious circle keeps rolling.

To give you just an idea of how big this “my ex tsunami” has got, here are some statistics: one URL equals 27,822 clicks. Pretty impressive, don’t you think?

As always, BitDefender safego is there to help you keep your accounts safe in these highly emotional times.

Happy sharing, everyone!

This article is based on the technical information provided courtesy of George Petre, BitDefender Threat Intelligence Team Leader

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.