Facebook Survey Scams
The trend of exploiting current news events to carry out scams and distribute malware continues to be a fact of internet life. Like any con, bait is used to lure the victim, usually a video clip showing anything from celebrity misadventures to sensational hoaxes.
On March 11, 2011, a massive 8.9 magnitude earthquake hit off the coast of Japan, triggering a tsunami and causing significant damage to multiple nuclear power plants. News coverage was ubiquitous, broadcasting spectacular and distressing footage of the effects of the tsunami and the damage to the plants.
The most valuable and successful bait for scammers is the most tragic events, because huge numbers of people will be following them via news feeds and social networking sites. Troublingly, unscrupulous profiteers take advantage of human suffering in the form of Facebook survey scams by exploiting natural curiosity towards the disaster.
The goal of the survey scam is to collect as much information as possible from the user in exchange for something, in this case a clip entitled "Japan Tsunami sucks in WHOLE village!" Before users get access to the video, they will have given out a huge amount of personal information to... well, you don't really know for sure who receives it or what they plan to do with it.
How the Survey Scam Works
Exposure to the scam starts from a link to the tsunami video clip via a friend's Facebook wall - if you want to see this clip, you have to jump through some serious hoops before you get to it.
To start with, the scam requires the victim to log in to Facebook and allow the 'Japanese Footage' app.
Alarm bells should ring at this point — do you really want to give some random app permission to post to your wall or access your data? The answer is, of course, no. The advice is to click "Don't Allow" and visit a trusted news source for images and footage of the recent events in Japan.
However, in the interests of science, Lavasoft's Malware Lab proceeded so you don't have to. Once the app has been allowed, I have to prove that I'm not a spam bot by completing a short survey. I'm not a spam bot and I really want to see that clip, so let's do a survey!
I decided to try to win my favourite Apple product. After about five minutes filling in a survey and entering lots of valuable personal information, I'm offered free Omega 3 pills for a month (as long as I complete another huge survey, making sure not to forget all my personal info), membership to a casino and some free gambling money, and I can "help" my friends win Apple products by entering up to 5 email addresses, which also supposedly multiplies my chances of winning. In reality, I've just sent my friends' email addresses to a marketing company. They will not be happy with me.
But wait - it looks like something didn't work. My survey didn't register as being completed. I need to do another one.
I have to choose another survey to see the clip, so I chose to play duck hunt rather than fill in another survey (refer back to the second image). Instead of getting to play duck hunt, I'm offered an iWon application by the same people behind the MyWebSearch toolbar and Smiley Central emoticon junk.
But first, a security check.
I spend another five minutes filling in personal details and answering questions and eventually the clip has been unlocked. It's a YouTube video of some BBC footage.
By this point, I've completed three surveys, given up my name, sex, address, postcode, country, email address, phone number, how many kids I have and their ages, my car make, model, registration number and expiry date, my mobile phone operator, what kind of job I do, where I want to go on holiday, my personnummer (http://en.wikipedia.org/wiki/Personal_identity_number_(Sweden)) and that I need a cat transport box for my car (!).
Not only that, by the time I'm allowed to see the clip, a MyWebSearch toolbar has been installed and as if that wasn't enough, a Facebook app has been enabled that can post status messages, notes, photos and videos to my wall and access my Facebook data at any time.
This was not a good deal. I could have just gone straight to YouTube, saved 30 minutes and not given up a treasure trove of personal information for nothing. So, where do you go from here?
Get Rid of the App
No malicious software was downloaded to my machine this time, but maybe I won't be so lucky next time. The main thing to do is to remove the app from your Facebook account to avoid spamming your friends with surveys and to stop it writing messages on your wall and collecting your Facebook data. Here's how:
- Click on Account -> Privacy Settings
- Click Edit your settings below Apps and Websites at the bottom right of the screen
- Click on the app you want to remove. In this case, we're removing Japanese Footage.
- Click on Remove app.