Facebook 'dislike' button scam spreads virally
An add-on that promises to add a 'dislike' button to profiles cons users into taking surveys, says security firm Sophos
By Joan Goodchild , Senior Editor
August 16, 2010 — CSO —
The latest viral scam making its way around Facebook is a lure that asks users if they want to install a "dislike" button, according to security firm Sophos.
Also see: 5 Facebook, Twitter scams to avoid
The scam, like previous ones that promise users certain content for clicking on a link, tricks Facebook members into giving a rogue application permission to access their profile and then posts spam messages from the victim's account and requires the completion of an online survey in order to proceed to the "dislike" button. Last week, a similar ruse made the rounds and offered a video of an Anaconda snake coughing up a hippopotamus. Like the snake-video scam, the "dislike" button scam asks users for permission to access their profile and write on their wall before they can install the application.
"If you do give the app permission to run, it silently updates your Facebook status to promote the link that tricked you in the first place, thus spreading the message virally to your Facebook friends and online contacts," according to a blog post from Sophos' Graham Cluley. "But you still haven't at this point been given a "dislike" Facebook button, and the rogue application requires you to complete an online survey (which makes money for the scammers) before ultimately pointing you to a Firefox browser add-on for a Facebook dislike button developed by FaceMod."
Best practices for safety on social networking sites in Social media risks: The basics
Cluley notes that there is no indication that the makers of the "dislike" button, FaceMod are connected with the scam. Their browser add-on is simply being used as bait, said Cluley.
If you want to try out FaceMod's add-on get it direct from the Firefox Add-ons webpage, suggests Sophos, who note they are not endorsing the add-on and have not verified that it works.
Read more about data protection in CSOonline's Data Protection section.
Other stories by Joan Goodchild