Are you on Facebook? Have you ever received a strange message from a friend that looked something like this? I received not one, but two of these in one day.
Sounds too good to be true? Then it probably is. But how did my friend end up posting this to my wall? They definitely couldn’t have posted it manually, because when I view their profile, this is what I see:
So how did my friend end up posting this link to everyone’s wall?
Malicious Script Scam
A very common way Facebook pages spam your friends is through a malicious script scam, which promises something will happen by copying/pasting a line of script into the URL bar. Common messages include getting a Dislike button, seeing who views your profile, or proving that your account is active so Facebook won’t delete it.
In the above screenshot, during that “1 minute of processing”, the script is spamming wall posts to all of your friends. The script is sneaky by using an external script URL so the amount the user copies doesn’t look like a lot. It’s also unbelievably easy to edit HTML to add a Dislike button to make fake proof.
If you’re curious about what the script actually contains, click here to view a screenshot of the full external script code from the above screenshot. See if you can read part of it and figure out what it does.
This script can do anything from sending messages to your friends to giving you a malware infection. The example above only spams your friends and doesn’t actually cause any malware infection, but that may change since its hosted by a third party.
Don’t believe any of these posts/pages because Facebook definitely does not delete inactive accounts, there’s absolutely no way to track your profile views, and there’s no such thing as an official dislike button.
And never copy/paste anything into your URL bar unless you know what you’re doing.
Another way is through giving permissions. They probably unknowingly allowed a malicious or spam application permission to post on friends’ walls. When giving permissions to any third party application, Facebook asks the user to explicitly give the app permission by pressing an Allow button, but most people end up pressing this button without reading what permissions they’re giving.
Some apps ask for permission to do everything, including post on walls and access your data at any time.
Be very careful with what permissions you’re giving to apps. If you accidentally clicked Allow, immediately head to Account > Privacy Settings and then at the bottom, click Edit Settings under Apps and Websites. Remove any application that seems suspicious.
Only allow apps from publishers you trust to access your data and always be alert of the permissions you’re allowing.
Facebook does a very good job with removing spam pages, spam apps, and blocking links, but there’s always some time before a new one comes up and it getting blocked.
And the most important rule with everything is… if it sounds too good to be true, it probably is.
Have you been a victim of these spam posts, whether being the account that’s spamming or the account being spammed? Have more tips on preventing such things from happening? Share your thoughts with us.