There’s a post making the rounds on Facebook that says you’re going to have to start paying for your profile. Like many other posts, it’s false. It’s also risky.

The messages appearing on friends’ walls are a variation of this:

IT IS OFFICIAL. IT WAS EVEN ON THE NEWS. FACEBOOK WILL START CHARGING DUE TO THE NEW PROFILE CHANGES. IF YOU COPY THIS ON YOUR WALL YOUR ICON WILL TURN BLUE AND FACEBOOK WILL BE FREE FOR YOU. PLEASE PASS THIS MESSAGE ON, IF NOT YOUR ACCOUNT WILL BE DELETED IF YOU DO NOT PAY

It’s foolish to blindly accept and repeat something like this as fact without doing your homework first. But here’s why it’s also a security hazard: Attackers who use social engineering tricks to dupe people into clicking malicious links will study your behavior so they can concoct the scam you’re most likely to fall for. If they see you posting this stuff, even once, they will come at you with all kinds of phony “warning” messages. If you’re gullible enough to post the other stuff, they reason, you’re also going to open links you shouldn’t trust.

What’s more, they know they can count on you to repost the other crap they toss out there. My friend Graham Cluley at Sophos has been posting about this problem in the company’s Naked Security blog. In the most recent post, he wrote:

A hoax claiming that Facebook is planning to start charging users continues to spread across the social network, and has now been adapted by mischief-makers into a claim that the service will be free if users forward a message before midnight.

Duped users are sharing the message with their online friends, believing it will help them avoid charges of between $3.99 and $9.99 per month.

It’s amazing what people will believe when they are sent a message from a trusted friend – but let me assure you, Facebook is *not* going to ask you for your payment when you sign onto the site tomorrow morning.
And no, the announcement of Facebook beginning to charge its users has *not* been on the news.

As I explained at the end of last week, these claims are complete and utter poppycock. If a friend of yours forwards you the message, admonish them for spreading a chain letter and suggest they inform all of their friends that they were mistaken.

For those who need to brush up on the social engineering threat, I recommend the following:

Social Engineering: The Basics

Social engineering techniques: 4 ways criminal outsiders get inside

Social engineering: 3 mobile malware techniques

–Bill Brenner