With a billion members, active social circles and more than its fair share of relative newbies to the world of online security, it should come as no surprise that Facebook continues to be the focus of much attention from those who would do you, your data and your bank balance harm. The latest scam to grab my attention, and unfortunately also that of lots of people with much less IT security know-how, promises to turn Facebook profile pages black rather than the default blue.
The distribution channel for this scam is the commonly used one of combining event invitations from Facebook friends who have already fallen for it, along with newsfeed images showing the newly blackened Facebook pages. Graham Cluley, the senior technology consultant at security outfit Sophos, investigated the scam from a secure test account. I've known Graham for close on twenty years now, and would suggest that when he warns you to 'think twice' before clicking these links, you heed that warning lest you want to help the scammers further spread the thing and make plenty of money in the process.
Rather typically for this kind of scam, Graham quickly found himself bounced across web redirects after clicking the 'make my profile black' link on Facebook, eventually arriving on a 'change Facebook color' page that pops up a box insisting the user must take a survey before continuing or being able to turn their Facebook profile black.
Yes folks, it's that old 'complete a survey, earn us some referral commission, and end up with nothing to show for it other than perhaps a malware infection' type of affair. In this case it looks like a straight case of getting the survey completion cash at the moment, without malware being installed as part of the deal. However, as these scams evolve and morph all the time, who knows if or when malware will be injected into the equation and onto your computer?
"It's interesting to see that the scammers behind this particular campaign have clearly dusted off some webpages they used in previous scams, as several point towards past campaigns such as the 'Remove Your Facebook Timeline' scam from earlier this year," Graham points out, adding, "unfortunately, many Facebook users will be too excited about the prospect of perhaps changing the look and feel of Facebook that they will not spot suspicious clues."
The usual advice applies for those who already clicked through to this scam, and that is to take the precaution of ensuring that they have not authorised any rogue app to access their account and post on their feeds, remove any messages, likes or images that have been posted, and if an app has been installed then report it to Facebook as spam.