What are the odds that you and your friends posted your very first messages on Facebook on precisely the same day? May 2nd 2008.
Wouldn’t it be even more remarkable if you posted that very first message at the same time? 6:57am.
And wouldn’t it utterly blow your trousers off if you discovered that you and your friends also posted the same message at the same time on the very same day? What are the chances, eh?
Well, it’s obviously not true. But a new rogue application spreading voraciously across Facebook appears to be claiming precisely that.
My First Facebook Status Was: Hellllooooo ??? Posted on May 2nd 2008 6:57am Find yours out Here!
Please don’t click on the link. It will take you to a rogue application which will then try to post from your Facebook account as well.
Just because your friends may have fallen for this scam, doesn’t mean that you should to. Be smarter from them, and stay clued up about the current tidalwave of scams we see spreading on Facebook by joining the Sophos Facebook page.
Here’s a YouTube video where I show you how to clean-up your Facebook account if you were hit by this, or similar scams:
(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)
Take care folks. Facebook is becoming awash with these types of scams, and far too many people are falling for them.
Hat-tip: Thanks to our friends at the Scam Sniper blog who sent us a tip telling us about this scam.
Related stories:
- Can you really see who viewed your Facebook profile? Rogue application spreads virally
- My first status scam spreads virally on Facebook
- Google+ invite scam spreads on Facebook via rogue application
- Your Facebook Profile Stalkers exposed? No, it’s a rogue application spreading virally
- Thank you from Google, and Facebook personal messages lead to malware
Incoming search terms for the article:
movieyt scam, This girl got sent to jail for 2 years over a status update she posted, facebook status, first facebook status, status for facebook, facebook first status virus, facebook first status app, This girl got sent to jail for 2 years over a status update she posted!, first facebook post, movieyt fake, my first facebook status, catherine southon, my first status virus, first status app, first facebook status virus, password for www movieYT com, mujahideen hacking unit, girl got sent to jail for 2 years over a status update she posted, first facebook status app, my first status on facebook
What are the odds that you and your friends posted your very first messages on Facebook on precisely the same day? May 2nd 2008.
Wouldn’t it be even more remarkable if you posted that very first message at the same time? 6:57am.
And wouldn’t it utterly blow your trousers off if you discovered that you and your friends also posted the same message at the same time on the very same day? What are the chances, eh?
Well, it’s obviously not true. But a new rogue application spreading voraciously across Facebook appears to be claiming precisely that.
Please don’t click on the link. It will take you to a rogue application which will then try to post from your Facebook account as well.
Just because your friends may have fallen for this scam, doesn’t mean that you should to. Be smarter from them, and stay clued up about the current tidalwave of scams we see spreading on Facebook by joining the Sophos Facebook page.
Here’s a YouTube video where I show you how to clean-up your Facebook account if you were hit by this, or similar scams:
(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)
Take care folks. Facebook is becoming awash with these types of scams, and far too many people are falling for them.
Hat-tip: Thanks to our friends at the Scam Sniper blog who sent us a tip telling us about this scam.
Thousands of Facebook users have been hit by a scam which claims to give them early access to a facebook.com email address.
Messages, appearing in the news feed of users who have fallen for the scam, read:
However, clicking on the links leads you to a webpage which tricks you into giving a third party application permission to post to your Facebook wall.
Don’t, whatever you do, allow the app to have permission to access your profile. Because then it will start to spread the messages even further, starting with your online Facebook friends.
You won’t realise it’s doing that, of course, until it’s too late – as you’re too distracted by the form asking you for your email details.. oh, and the revenue-generating online survey that the scammers have put up in the front of it..
Note, these scam messages are not connected with Facebook’s genuine plans to give everyone a @facebook.com public email address. Facebook expects to roll out that service more widely in the coming months, and will use your “publicusername” when live.
Here’s a YouTube video where I show you how to clean-up your Facebook account if you were hit by this, or similar scams:
(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)
If you’re a member of Facebook don’t forget to join the Sophos Facebook page to stay up-to-date with the latest security news.
The controversial anti-Islamist English Defence League has emailed its supporters after a security breach on one of its websites appears to have allowed hackers to get away with a sensitive database of members’ details.
According to a BBC News report, a group called the “Mujahideen Hacking Unit” stole the database of members who had recently purchased items from an English Defence League (EDL) online merchandise store or who had donated money to the group.
The EDL says it has told the police about the security incident, and has sent an email to members apologising for the breach. As the English Defence League is a controversial organisation there will inevitably be fears that members or their families could find themselves under an unwanted spotlight if the details are published on the net.
Many people don’t support the English Defence League, of course, but that doesn’t mean that it’s acceptable to break into systems and steal personal identifiable information about its members.
It’s not the first time that right wing British groups have had problems keeping hold of their confidential membership lists, of course. In late 2008, a membership list belonging to the British National Party (BNP) was published on the web, causing much alarm amongst its supporters.
A former senior member of the BNP was subsequently fined for leaking the sensitive information online.
So, what can other organisations and companies learn from the security breach at the English Defence League and other incidents?
Well, you should be doing more to control the movement of sensitive data inside your organisation. Sophos has integrated data loss prevention (DLP) capabilities into its Sophos Endpoint Security and Data Protection products at no extra charge – enabling businesses to have visibility and control over sensitive data.
Use technology to prevent anyone from trying to steal your data, intercepting files which contain sensitive information such as names and addresses. Also, makes it easy to securely share data by using encryption – that means, even if the bad guys steal your information they won’t be able to decipher it.
Facebook survey scams continue to be a big problem. Just this weekend we estimate that hundreds of thousands of Facebook users have been hit by a resurgence of the “Girl killed herself” scam.
Judging by messages we’re receiving from Facebook’s users, many people are struggling to clean up their accounts after they were tricked into allowing a third party application to post messages from their profile. Of course, these messages look to your online friends as though you posted them, so it’s really important that the problem gets resolved or the scam will just spread more and more virally.
Here’s a quick YouTube video where I show you how to clean-up your Facebook account from such an attack:
(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)
If you don’t want to get caught out again, or simply want to learn more about security threats on the social network and elsewhere on the internet, join the Sophos Facebook page.
The survey scammers just won’t stop, will they?
Here’s the latest one that some Facebook users have fallen for, believing that a friend is sharing with them a video of pop star Miley Cyrus taking drugs. The surfeit of scams involving Miley Cyrus is making me believe that for cybercriminals she’s the new Paris Hilton (who was, herself, the new Britney Spears).
Firstly, you see a message posted by one of your Facebook friends, looking something like this:
The messages are usually a variant of:
If you do click on the link you are taken to a webpage which works hard to make you believe that you are going to see some sensational video footage of Miley Cyrus doing something that she probably shouldn’t be doing..
Venturing further is where the problems really begin, as you’ll be asked to give permission for a rogue application – written by a third party that you don’t know from Adam – to peruse your Facebook profile and be able to post messages onto your wall.
I can’t say this loud enough – when you see an application asking permission to do something like this, I want you to have a long hard think. Because this is your last chance to stop the bad guys’ dead in their tracks.
But if you do agree to grant the permission, you’ll be taken to an online survey (part of the CPALead network) which earns money for the scammers through affiliate revenue. Underneath the survey is something which purports to be a video of Miley Cyrus smoking a bong – but frankly, why would you want to watch such a thing?
Because while you’re completing the survey, and earning the scammers some money, their rogue application has posted the link onto your wall, sharing it with your friends and thus perpetuating the scam even more. Do you really want to be part of their spam organisation? I didn’t think so..
Furthermore, surveys like this can scoop up your personal information, or trick you out of your mobile phone number – signing you up for expensive cellphone services. Not fun at all.
If you’ve been hit by a scam like this, remove references to it from your newsfeed, and revoke the right of rogue applications to access your profile via Account/ Privacy Settings/ Applications and Websites.
Here’s a YouTube video where I show you how to clean-up your Facebook account:
(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)
And don’t forget to warn your friends about scams like this and teach them not to trust every link that is placed in front of them. You can learn more about security threats by joining the thriving community on the Sophos Facebook page.
With Christmas just around the corner, plenty of people will be buying last minute presents from online stores like Amazon. As you buy presents for loved ones online, you’re always slightly nervous if the gift is going to arrive on time.
And that’s just what malicious hackers are preying on today.
Researchers at SophosLabs have intercepted a malware campaign that has been spammed out, pretending to be a notice from Amazon.com.
The emails, whose headers are forged to pretend to come from order-update@amazon.com, have the following characteristics:
Whatever you do, however, don’t open the attached ZIP file as it contains malware. Sophos detects it as W32/AutoRun-BHY and the ZIP file as Troj/BredoZp-BD.
Remember that cold-hearted cybercriminals don’t give a fig about it being Christmas. For them it’s just another opportunity to fleece the unwary by infecting their computers, stealing data and taking over PCs for their own devices.
The BBC is reporting that the millions of computer users across the EU could be galvanised into joining the fight against cybercriminals, with all data about internet crime collected and “reported online at a national level, in a harmonised way across the EU.”
Those are the words of Rob Wainwright, director of Europol, who briefed a Lords EU sub-committee on plans for a European centre to fight cybercrime.
“For the first time the EU will have a comprehensive overview of reported cybercrime from within its own borders and this could even include, in the future, a component of direct engagement with the public,” the BBC reports him as saying.
Certainly, greater co-operation between the various computer crime authorities in the 27 EU member states is no bad thing, and you can imagine the advantages that would bring in hunting down those responsible for sometimes complex and sophisticated crimes.
But I have to throw in a note of caution about the idea of members of the public scouring the net for evidence of cybercrime.
Although done with the best of intentions, I would hate to imagine that members of the public inexperienced in the ins-and-outs of computer security would become “Digital Miss Marples”, attempting to uncover wrongdoing on the net.
Let’s not forget that internet crime is often a more serious business than the graffiti, littering and dog fouling crimes that many neighbourhood watch schemes can deal with on a regular basis. Surfing from website to internet forum, piecing together clues to send to the police, may expose your computer to threats – such as malware infection or identity theft – unnecessarily.
Furthermore, with those behind internet crimes being no longer disaffected teenagers but serious hardcore criminals, you’d best watch out if they find you poking them with a stick.
Yes, I strongly believe that it should be simple for members of the public to report computer crime, but I would urge a note of caution that users also need to be advised to put the security of themselves and their computer as a priority rather than the hunting for clues.
Private industry (such as the computer security industry and financial services) can probably play an important role in helping the fight against cybercrime, but investigations into using crowd sourcing should not be rushed into before proper consideration of the safety issues are considered.
Unlike graffiti tagging, where you spray-paint your name onto someone else’s property, Facebook lets you paint other people’s names onto your pictures.
So even people who aren’t on Facebook, or who choose not to identify themselves openly in uploaded photos, may nevertheless end up easy-to-find online.
At the end of September, Facebook made it easier to tag individuals en masse, by allowing you to select and annotate a whole group of uploaded photos at once.
Now, you won’t need to select or group the photos yourself. Facebook will use facial recognition to match the people in your photos with other images in which they appear. It’s not yet completely automatic – the tags are just suggestions – but it sounds creepy nevertheless.
You can opt out of auto-suggestion (no pun intended), but it sounds as though this feature is going to be enabled by default, since Facebook’s announcement advises that “you will be able to disable suggested tags in your Privacy Settings.” And you will be notified whenever you’re tagged, but only in case you want to untag yourself, not in order to confirm that you want to be tagged in the first place.
A small mercy is that tagging only works between friends, or what Facebook calls friends, which limits the creepiness somewhat. Nevertheless, it does mean that once you’ve been identified to Facebook by one friend, you run the risk of being identified by Facebook to other friends – even those very loose friends who might not otherwise have remembered you, let alone your name.
If that’s not something you’re comfortable with, then be sure to watch out for this new feature (it’s coming to US users first), and turn it off.
Perhaps, indeed, like the vast majority of readers in our recent poll on this issue, you think that Facebook features should by opt-in by default, rather than opt-out. If so, why not write to Facebook and tell them so?
In fact, here are some words, from an earlier post of mine about Facebook and privacy, which you are welcome to use:
More than a decade ago, Scott McNealy, then CEO of then-Sun, famously said, “You have zero privacy anyway. Get over it.”
Don’t let this throw-away remark come true. Privacy matters.
If you’re on Facebook and want to stay ahead of the curve on security threats, join the thriving community on the Sophos Facebook page.
Scams continue to be a nuisance on Facebook, with the latest posing as a way to get free cash for your farm in the popular online game FarmVille.
If you’ve seen messages like the following, don’t click on the link:
The offer describes itself as the “310 FV Cash Christmas Offer [Zynga Official]“, but there’s nothing official about this offer and it didn’t originate from FarmVille’s developers.
If you did make the mistake of clicking on the link, however, you find yourself taken to a webpage that certainly presents itself as though it is connected with FarmVille.
Which, in turn, invites you to grant permission to a third party application to gain access to your Facebook profile.
Agreeing to this would be a mistake that plays straight into the hands of the scammers, as it gives them the ability to access parts of your Facebook profile – including the ability to post messages as though they come from you. In this way, they invite others to click on the link (your friends may be more tempted if they see “you” talking about the free FarmVille cash), and so on..
Here you can see other wording used in the scam, designed to trick your online friends that this really is an official Zynga-endorsed offer:
So, why are the scammers doing this? Well, it appears that as usual they were attempting to drive traffic to a revenue-generating survey.
However, when I checked the scam out it appeared that their attempts to host code at the 123ContactForm service had flopped, as administrators there had replaced it with a warning that their terms of service had been breached.
Nevertheless, that isn’t enough for the message to stop spreading rapidly across Facebook.
Don’t allow scams like this to pollute your Facebook page – always think twice before clicking on links, even if they seem to have been shared with you by your online Facebook friends.
In particular, you should always be suspicious whenever a third party application requires to access their profile without a legitimate reason.
If you’ve been hit by a scam like this, remove references to it from your newsfeed, and revoke the right of rogue applications to access your profile via Account/ Privacy Settings/ Applications and Websites.
Don’t forget to spread the word, warning your friends about scams like this and teach them not to trust every link that is placed in front of them. Learn more about Facebook and internet security threats by joining the thriving community on the Sophos Facebook page.
Every year we run an investigation into how many of you are being hit by threats (such as spam, malware and phishing) on social networks. Well, it’s that time again!
This year, to encourage you to help us, we’re offering a marvellous prize.
The LEGO Miindstorms NXT 2.0 is a kit for building programmable robots. According to the blurb it “combines the unlimited versatility of the LEGO building system with an intelligent microcomputer brick and intuitive drag-and-drop programming software”.
The guys in our labs suggested it as the kind of the thing they would want, but would never be able to convince their partners that the expense was justified. So now’s your chance!
It comes with everything you would ever want: a 32-bit microprocessor, a large matrix display, 4 input and 3 output ports, and Bluetooth and USB communication link, three interactive servo motors, four sensors (Ultrasonic Sensor, 2 Touch Sensors and the all-new Color Sensor). And – of course – you can program it from your PC or Mac.
Sounds fun, eh?
To be in the running for this fabulous prize all you need to do is fill in a quick one-page survey about threats on social networking sites like Facebook and Twitter.
The only way you can be win is to take part in the survey. Chop chop!
Take Sophos’s survey into social networking threats now
Small print: We have to ask you for your email address so we can contact you if you win the prize, but feel free to ignore it if you’re paranoid. Of course, you won’t win the prizes then – but you’ll still have helped us with the survey.