Social Media Spying Scams Claim Thousands of Victims

Thousands of victims have fallen for a unusually stubborn scam circulating in various forms on Facebook promising to show users who has been looking at their profile, warns Bitdefender® , the award-winning provider of innovative antivirus solutions.

Dozens of “guess who saw your profile” apps, with promises to reveal information about Facebook stalkers and viewers, have collectively exposed thousands of Facebook users to a serious risk of identity fraud, with one scam alone generating more than 5,000 “likes” as it claims unwitting victims. By stealing Access Tokens, these apps may post on users timeline, access their pictures and personal information for phishing, fraud and targeted spam attacks.

“It’s interesting to see this scam re-emerging but curiosity is a powerful lure, and this is something we’ve been advocating for years when it comes to the way Facebook criminals employ curiosity to trap victims,” said Bitdefender Chief Security Strategist Catalin Cosoi. “Once trapped, the user is then unwittingly duped into `liking` the scam and passing it on to curious friends. Your identity is stolen and you put your friends at risk at the same time. It`s key to remember this: No legit application is able to show us who`s looking at your Facebook account.”

After highjacking a legit photo application with all its permissions, one of the scams lures users with a three-step process to allegedly track their profile viewers. Users are instead sending their access tokens directly to cyber-criminals` data base. The scam also promotes other suspicious social and dating applications, seeking information about users` friends and automatically posting on their timelines.

This type of scam also makes victims in French-speaking countries, with messages such as “Enorme Remerciement a l’equipe Facebook pour nous avoir finallement donne quelque chose pour voir qui visite notre profil!” (“Big thanks to the Facebook team for finally giving us a tool to view who visits our profile”).

Other popular scams making victims on Facebook include “See total friends who deleted you”, “Goodbye blue Facebook,” and “Get your free 5000 Facebook credits.”

Bitdefender blocks this type of application as fraud and advises users to keep their browser, software and antivirus updated. Users can also install the free application Safego, which protects Facebook and Twitter accounts from scams, spam, malware and private data exposure.

This article is based on the technical information provided courtesy of Andrei Serbanoiu, Bitdefender Software Analyst.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.