Applications that promise to show Facebook users who has viewed their profiles have been around as long as Facebook itself, and despite countless warnings that they are fake, they live on, much like the emails from Nigerian oil company officials seeking recipients’ bank account information so they can transfer large amounts of money into them.
Typically such messages, shared with you by your already duped Facebook friends, lead to a rogue application or money-making online survey.
Once you have handed access to your account over to a rogue app, the scammers behind it can post whatever they like to your profile — including spammy and malicious links.
And these scams aren’t just a problem today — there has been a constant stream of them hitting the accounts of innocent Facebook users, day after day, week after week.
Rogue applications can be used to scoop up personal information, or spread spam and scams rapidly across the social network. If you mistakenly installed a rogue app, remove the messages from your timeline, revoke the app’s publishing rights, report it as spam to Facebook, and ensure that you have revoked its access to your account.
And don’t forget — Facebook does not give you any way to find out who has been viewing your profile. Any application or link that claims it can reveal to you who has should be treated with great suspicion.
Cluley placed part of the blame for the continued existence of these apps with Facebook itself, writing:
I’m sure Facebook’s security team has the best intentions, but my guess is that they are putting less focus on rogue apps and survey scams than other attacks on the site’s 900 million users. These scams may not be as important as Facebook-aware malware and site-wide vulnerabilities, but they still need to be dealt with.
Facebook isn’t prepared to vet apps, leaving the door open for anyone to write a rogue application that can be used to hijack the accounts of the unwary.
Readers: Should Facebook put more of an emphasis on eliminating these types of apps?
Screen shots courtesy of Sophos’ Naked Security.