Facebook survey scammers rarely deviate from the well-beaten path that includes luring the users in with shocking content or promises of seeing who views their profile, making them install a rogue application in order for the bait message to be propagated through their circle of friends, and urging them to complete a survey in order to see the promised content or simply to “prove they’re human”.
But, the scammers have strayed a little from that route with the latest scam and made it so that the user is asked to complete a survey every time he visits facebook.com.
The scam lures victims in with the classic offer to see who is checking out their profile. After having given the rogue application the permission to post stuff on its profile, the user is taken to a page where he is urged to download the Firefox browser and install a Firefox extension that will purportedly allow him to see who’s visiting his profile:
Unfortunately for him, what he really installed is an extension which opens a remote site in a pop-up browser window each time the user visits Facebook, and encourages him to complete a survey.
“Currently, the pop-up window promotes the same profile view feature scam mentioned beforehand, but this time the user has to fill in surveys in order to get through to it. Of course, this content could be changed at any time to something even more dangerous,” warns Symantec.
Luckily, the extension is easily removable from Firefox – the user just needs to go to Tools-> Add-ons, choose the facebookconnect 1.0 extension and uninstall it. He also needs to clean up his Facebook news feed and revoke the permissions he has given to the rogue application.