The Facebook Scam Invasion Can Now Phone Home

We have frequently reported on rogue Facebook applications - these appear with such regularity that it nearly does not make sense anymore to alert you individually about every enticing message used.  New ones are popping up like mushrooms every day...actually even faster than mushrooms.

Here is a selection of some of the scam messages active right now:

 

 

These rogue Facebook apps are expanding fast and we have seen them with many different topics and also in different languages. Below you can see an example of the German version of the “girl killed herself, after her dad posted this to her wall” scam.

 

The method is nearly always the same. As soon as you grant the application the requested permissions it will start posting the same enticing message to your profile wall, making it appear in all your friend’s update feeds. This explains why it spreads so fast. Meanwhile you are asked to complete an online survey before you can see the promised image or video.

Some of them are quite successful. The statistics from the link shortener show click-through rates of a few thousands up to a few hundred thousand users per campaign with each of them potentially earning the creator a small commission for each completed survey.

Newer versions now even contain a link to a privacy policy and terms of service, in which the developer clearly states what they will do and what the application is all about:

IT WON’T TELL YOU WHO STALKS YOU THE MOST, IT IS AGAINST FACEBOOK’S TOS AND NOT ALLWOED TECHNICALLY, INSTEAD IT WILL PRINT YOUR RANDOM FRIEND.

By pressing Allow you are agreeing to:

  1. Post to my wall. The application will make one wall post with attachments informing your friends about itself and its whereabouts.
  2. Data access. The application might do wall posts on your account’s wall any time.
  3. Advertisements. By entering the application you might receive advertisement messages which are not obligatory for you to click on.

Fair enough, this is exactly the behaviour that we noticed. Although I have to confess that I was a bit puzzled when I read the following extract from their privacy policy:

The Way We Use Information:  We do not use your private information in any way or form.

This does sound nice but is hard to believe, given the fact that they said before that they might send you advertisements.

Let’s hope that it does not get worse in the future, and is not impacted by the opening up of access to Facebook for third party application developers. They can now ask for permissions to access a user’s phone number or postal address. This means that applications can now access all your private data including email, postal address,and phone number if you allow the app to do so. You still have to manually grant the permissions, so it is that little click that matters.

Therefore you should be even more vigilant when installing applications on Facebook and also about the information that you make available in the first place. Read carefully what data it will access and consider whether a given application really needs to access the requested information, like your phone number, in order to display a fortune cookie message. If you are in doubt, then do not install the application as it’s most likely just another scam.

Update:
After a weekend of testing the Facebook team announced that they will put this new feature on hold and are making changes to help ensure that users only share this information when they intend to do so.