Facebook ‘Dislike’ scam spreading fast

An increasing number of web security firms are warning Facebook users to be wary of a convincing viral scam on the social network which invites users to click a link to enable a new ‘dislike’ button on their profile.

Once a user clicks the link the scam message will be posted on their friends’ walls, the user will also be taken to a page which asks them to copy a line of JavaScript into their browser’s address bar.  The code takes the user to a scam survey and could be used to run malicious code on their computer.

Graham Cluley from the U.S web security firm Sorphos first blogged about the scam today,having seen a significant rise in the number of affected accounts over the weekend.

The scam is designed to generate revenue for the perpetrators through the fake survey.

This scam copies Facebook’s genuine method of testing advanced features by allowing users to manually enable them.  For example, at the moment Facebook users can enable Facebook Questions on their account by visiting this link.  Without doing so the feature will not appear on their profile.

The scam can be identified by text similar such as “Facebook now has a dislike button! Click ‘Enable Dislike Button’ to turn on the new feature!” accompanied by a link to “Enable Dislike Button.”

The Managing Directory of the Irish IT Security company Threatscape, Dermot Williams, says social networking users should not “implicitly trust messages received from their social networking contacts” and advises users to be suspicious of unsolicited messages.

Mr Williams said, “[The scam] exploits users’ insatiable appetite to try out new features on their favourite sites… It tricks users into manually performing the actions required to propagate the scam.”

He goes on to advise social media users not to be lulled into a false sense of security online.

This scam is the latest in a series of similar spamvertising tricks used on Facebook in the past few months.  Most recently one successful scam duped users into clicking a link which claimed would show leaked video of Osama bin Laden’s death.

Source: Sophos / Threatscape