My 1st St@tus scam hits Facebook users hard, spreads virally From Sophos

My 1st St@tus scam hits Facebook users hard, spreads virally

RSS logoHi there! If you’re new here, you might want to subscribe to the RSS feed for updates. X
Filed Under: Social networks, Spam
Thousands upon thousands of Facebook users have been hit by a new survey scam spreading virally across the social network.
Messages claiming to be users’ first ever Facebook status updates are being posted on users’ walls by a rogue application, designed to earn revenue for the scammers behind the attack.
Here’s what some typical messages look like:
My 1st St@tus

My 1st St@tus was: "[random message"]. This was posted on [random date]
Find your 1st St@tus @ [LINK]

If you click on the link you are taken to a rogue Facebook application, which asks you to give it permission to access your profile, which includes giving it the ability to post from your account in your name.
My 1st St@tus
Sadly, many people are all too quick to give permissions to rogue applications like this free reign to their Facebook account – allowing scams like this to spread rapidly and virally between Facebook friends.
If you are foolhardy enough to continue, you are taken to a webpage which contains a survey. This is where the scammers behind the scheme make their money.
My 1st St@tus
Every survey which is completed earns them some commission. In some cases they might also ask for your mobile phone number in order to sign you up for an expensive premium-rate service.
And you? Well, you’ll find that the rogue application has meanwhile taken the opportunity to post a message on your Facebook page, which is now being seen by all of your online friends. When I deliberately infected a test account with the rogue application it got my first status message incorrect, as well as the date that I first posted to the Facebook account.
My 1st St@tus
So, in other words, it’s a complete confidence trick. It doesn’t tell you your first status message on Facebook – and it’s only intention is to drive as many people as possible into sharing the link (which can vary – we have seen several examples) further and further across Facebook, earning the scammers money.
Regular readers of the Naked Security site will be all too familiar with survey scams and rogue applications, and realise the dangers in allowing an app written by unknown third parties to access their Facebook profile. But there are plenty of others out there on Facebook who are still oblivious to scams like this.
Here’s a YouTube video where I show you how to clean-up your Facebook account if you were hit by this, or similar scams:

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)
Keep your wits about you and stay informed about the latest scams spreading fast across Facebook. One of the best ways to do that is to join the Sophos Facebook page, where a 50,000-strong community is regularly sharing information on threats and discussing the latest security news.

, , ,

About the author

Graham Cluley is senior technology consultant at Sophos. In both 2009 and 2010, the readers of Computer Weekly voted him security blogger of the year and he pipped Stephen Fry to the title of “Twitter user of the year” too. Which is very cool. You can contact him at, or for daily updates follow him on Twitter at @gcluley.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: