Facebook survey scam with a twist

Facebook survey scams that lure in users with promises of being able to see who looks at their profile are nothing new, but here is one that has some unusual twists and merits a mention.

According to Zscaler, when the user clicks on the link in the message found on his friend’s wall, he is immediately taken to a page where a pop-up window shows up and actually gives a concrete answer to the question of how many users are viewing his profile – even before asking him to complete the survey:

Unfortunately, the answer isn’t true. The number in the message is randomly generated each time one accesses the page.

“The page also suggests that the user must copy and paste JavaScript into the address bar, which will of course execute the JavaScript in the context of the victim,” explains Zscaler. “Once the users run that malicious code, they are presented with some fake messages requiring that they undertake surveys or view additional messages.”

This particular scam does not limit itself to posting messages on the victim’s friends’ walls, but also sends the same messages to them via the chat feature.

And, quite unexpectedly and bizarrely, the code they pasted in the address bar also forces them to become a fan of “OSAMA” Facebook pages. I wonder what that’s all about?

UPDATE 18.05.2011:
“I’ve been monitoring the slew of Facebook scams that have been spreading throughout the site for the last few weeks. The reason you’re seeing the OSAMA fan page text in these is partly due to laziness on the people jumping on this bandwagon. The JavaScript code that was being used was plucked from some of the OSAMA scams at the beginning of the month,” explains Satnam Narang, a Threat Analyst with M86 Security.

“The people who were creating these Profile Viewer scams and others were using the same JavaScript code and didn’t bother to change the text. They just made changes to it that would spread their own messages and spread to users’ wall posts. I did come across some that changed the ‘Like’ behavior, so that a user is automatically set to like different pages. They also may have not bothered to change the commenting done in the JavaScript and left it to say ‘Like Osama Page 1’ rather than ‘Like “I Like Pets”’ (which, by the way, was a page that managed to get 300,000 likes).”