
A New Facebook Scam to Threaten Users

May 5, 2012

Doctor Web, a Russian IT security vendor, warns of a new fraud scheme emerging on Facebook, the world's most popular social network. Attackers have adopted a scheme already notorious among Russian users of the Vkontakte and Odnoklassniki social networks and created a Facebook application called Profile Visitor, which requests access to a user's wall and promises to show a list of those who visited the user's page. In fact, the application posts a picture containing a link to a fraudulent website instead. The victim's Facebook friends are then notified that they have supposedly been tagged in this picture, which spreads the malicious link further.

When visiting their Facebook page, a user may find in the news feed a link to Profile Visitor, which is allegedly capable of recording visitors to the profile and showing them on a special web page. As a rule, the link is published on behalf of one of the user's friends and leads to an embedded Facebook application page. To activate the application, the user must allow it to publish content on behalf of the user's account. As soon as an unsuspecting victim clicks Allow, a link to the application, posted on the victim's behalf, appears on the wall of the profile and in the news feeds of all of the victim's friends. However, even if the user does not allow Profile Visitor to publish anything on their behalf, everyone in the user's friends list is automatically tagged in a "picture", which is actually a Profile Visitor banner link. A notification of the event is automatically sent to the user's Facebook contact list.


After that, the victim's browser automatically opens a malicious web page that contains a dynamically changing array of links. Clicking any of them redirects the user to one of a variety of fraudulent websites whose content depends on the visitor's IP address. For example, some of them require credit card details to grant access to the information, while others ask the visitor to enter a phone number into a special form and then type a code received in a reply SMS into the corresponding field. This method is mostly used against Russian-speaking visitors: this is how scammers sign a victim up for a paid "information service", for which a certain amount is debited from the victim's account every month.


Clicking fraudulent links can also lead to resources hosting fake prize draws, online casinos, psychological tests, individual diet selection services, etc. All of these sites are automatically blocked by the Dr.Web SpIDer Gate filter embedded in Dr.Web products.



Previously, these scams were repeatedly used against Russian users of the Vkontakte and Odnoklassniki social networks, but now the scammers have apparently decided to turn their attention to residents of other countries. Doctor Web strongly recommends that Facebook users not install Profile Visitor, not click links to this application published in their news feeds, and always remain cautious.
