A few days ago, we encountered the teen celebrity FaceBook survey scam. This scam appears on your wall when any of your friends click a link. Several appeared on my wall a few days ago. The scam is discussed in good detail by Graham Cluley on nakedsecurity.sophos.com. This scam has been around since last fall. According to another related article, the photo was one of several stolen when a computer on which the teen celebrity had private information was hacked.
You might expect to click the link and then, in the App Permissions dialog box that opens, refuse to let the app have at your private data. Contrary to the information on Sophos, the scam now DOES NOT go through the Application Permissions dialog: it has circumvented it and "trees off" to another web page. We initially reported the SPAM to FaceBook with the link under the X button that appears in the upper right corner of every post when your mouse passes over the post. Looking at the source code for the post led us to ping a particular URL, which showed us that the scam was running from a server farm in Dallas, Texas, which shall remain unnamed for now, as they have finally started to cooperate in shutting down this scam instead of facilitating it.
We take extreme exception to the fact that they still refuse to block a picture of the 15-year-old girl wearing only her panties about her hips, especially when the security staff of that hosting company admitted that they knew the picture was pirated intellectual property. We feel that this puts the hosting company in the position of receiving stolen property. Tests today revealed that this hosting company has finally blocked the scammers to some degree. They moved to another IP at the same hosting company, but that got blocked also, so maybe the scammers will be forced to move to another hosting company, and another, and another.
HOWEVER, I have now found a way that DOES shut it all down; the criminals cannot get around it, and all it requires is the participation of you, the FaceBook customer.
1. Install Google Chrome on your computer, or another web browser in which you can control which web sites are allowed to run JavaScript.
2. The next steps turn JavaScript off by default. There is a really easy one-click way to turn it on for the sites you trust, which I will show you in a moment. Here is how you shut it off in Google Chrome: click the wrench in the upper right corner, then click Options (on Linux the menu item is called Preferences; Options is the Windows name).
3. Click Under the Hood, then Content Settings, then JavaScript, and finally select the radio button that says DO NOT ALLOW any site to run JavaScript. I'll show you how to let sites you trust run JavaScript in a moment. Just click it.
4. Click the close buttons to return to browsing. JavaScript will now be OFF unless you tell it otherwise.
The reason this works is that the scammers depend upon your browser trusting them to do anything they want on your computer. Their FaceBook link actually jumps off of FaceBook — "trees off" like a raccoon trying to escape a good 'coon hunting dog — by skipping to another web site. This other web site runs JavaScript to "like" their scam page and copy it to all your friends' walls without telling you. It also tries to get you to "take a survey" to see the "other pictures"; according to the article on Sophos, the scammer gets paid for every fool who "takes the survey", and no, you probably won't actually get to see other pictures later. This is very similar to how infected web sites sneak viruses onto your computer with the infamous "drive-by download". Turning off JavaScript by default stops them.
NOW, how do you enable JavaScript for sites you trust that need it, for example your bank or FaceBook? EASY. In the upper right corner of the URL box, next to the wrench and the star, a special symbol appears only on web sites that need JavaScript while it is turned off. Just click it. On that web site, JavaScript will be allowed to work. On new web sites that you do not yet know whether to trust, JavaScript will not work until you click the little icon.
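The four setup steps above plus the per-site "click the icon" step amount to one policy: JavaScript blocked by default, with an explicit allow list of trusted sites. The following example is added here and is not code from the original post or from Google; it models that policy the way Chrome's enterprise policy keys express it (DefaultJavaScriptSetting, where 2 means block, and JavaScriptAllowedForUrls / JavaScriptBlockedForUrls, which take Chrome content-settings URL patterns such as `[*.]facebook.com`). The pattern matcher is a simplified re-implementation written for this example and is an assumption, not Chrome's own matching code; the sample policy and sample URLs are constructed.

```python
"""Evaluate a 'block JavaScript by default, allow per site' policy for a URL.

Added example: models the Chrome content-settings policy that the steps in the
post configure by hand. The matcher below is a simplified re-implementation
(assumption), not Chrome's own code.
"""
import json
from urllib.parse import urlsplit

# Constructed sample policy using the real Chrome policy key names.
# DefaultJavaScriptSetting: 1 = allow everywhere, 2 = block everywhere.
POLICY = {
    "DefaultJavaScriptSetting": 2,
    "JavaScriptAllowedForUrls": [
        "[*.]facebook.com",            # facebook.com and every subdomain
        "https://online.bank.example",  # constructed bank host, HTTPS only
    ],
    "JavaScriptBlockedForUrls": [],
}

DEFAULT_PORTS = {"http": 80, "https": 443}


def match_pattern(pattern: str, url: str) -> bool:
    """Simplified Chrome-style content-settings pattern match.

    Supported forms: 'host', '[*.]host' (host plus any subdomain), an optional
    'scheme://' prefix and an optional ':port' suffix. Anything after the first
    '/' in the pattern is ignored, matching only the origin.
    """
    parts = urlsplit(url)
    if not parts.scheme or not parts.hostname:
        return False  # e.g. 'javascript:' or relative URLs never match
    scheme = parts.scheme.lower()
    host = parts.hostname.lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)

    pat_scheme = None
    pat = pattern
    if "://" in pat:
        pat_scheme, pat = pat.split("://", 1)
    pat = pat.split("/", 1)[0]  # drop any path component
    pat_port = None
    if ":" in pat:
        pat, port_text = pat.rsplit(":", 1)
        pat_port = None if port_text == "*" else int(port_text)

    if pat_scheme not in (None, "*") and pat_scheme.lower() != scheme:
        return False
    if pat_port is not None and pat_port != port:
        return False
    if pat.startswith("[*.]"):
        base = pat[4:].lower()
        return host == base or host.endswith("." + base)
    return host == pat.lower()


def javascript_allowed(url: str, policy: dict = POLICY) -> bool:
    """Decide whether scripts may run on `url` under `policy`.

    Assumption for this example: an explicit block entry wins over an allow
    entry, and the default setting applies only when neither list matches.
    """
    if any(match_pattern(p, url) for p in policy.get("JavaScriptBlockedForUrls", [])):
        return False
    if any(match_pattern(p, url) for p in policy.get("JavaScriptAllowedForUrls", [])):
        return True
    return policy.get("DefaultJavaScriptSetting", 1) == 1


def render_policy_json(policy: dict = POLICY) -> str:
    """Serialize the policy in the JSON form Chrome reads from a managed policy file."""
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    # Constructed sample URLs: the trusted sites get scripts, a third-party
    # survey page the scam "trees off" to does not.
    for sample in [
        "https://www.facebook.com/home.php",
        "https://online.bank.example/login",
        "http://online.bank.example/login",
        "http://free-survey.example/see-more-pictures",
    ]:
        print(f"{sample}: {'ALLOW' if javascript_allowed(sample) else 'BLOCK'}")
    print(render_policy_json())
```

On Linux, the rendered JSON can be dropped into `/etc/opt/chrome/policies/managed/` to apply the same default-block-plus-allow-list configuration without clicking through the menus on every machine; the on-screen icon described above is the interactive equivalent of adding one entry to JavaScriptAllowedForUrls. Note that the matcher deliberately requires a dot boundary, so `notfacebook.com` or `facebook.com.evil.example` (constructed lookalike hosts) do not inherit the Facebook allow entry.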
This is a simple solution that every FaceBook customer can use to protect herself or himself from exploitation. It is also a good policy in general, because many of the viruses and other malware planted on people's computers need JavaScript to work. By turning off JavaScript by default, you are protected, at least until you click the little button to turn it on.
So be sure, be cynical, and practice safe software.
1 thought on “How to Crush FaceBook SPAM Scams”