Facebook users should be aware of a slew of viral messages circulating on the social networking site as a result of a gaping security flaw on Facebook's part concerning its platform on the iPhone.
Scammers have concocted a way of fooling Facebook users into pasting JavaScript code into their URL address bar. The code not only causes them to post messages onto the walls of their Facebook contacts, but those messages also carry extra options at the end of the post that are fully customisable by the scammer.
Avid Facebook users will be aware that at the end of messages posted on their walls are the familiar options such as "Like", "Comment" or "See Friendship". What makes these viral scam posts different and more dangerous is that an extra option is appended as well, one that, from what we can see, can say virtually anything. This makes such posts look much more legitimate, and it is certainly the factor that is making them so successful at circulating on the social networking site. See the image below.
The posts vary, but the extra option at the end of the posted message will direct users either to external websites or to Facebook Pages that contain a variety of scams. Most commonly, these scams ask Facebook users to copy and paste a handful of lines of JavaScript code into their URL address bar, which is extremely dangerous and also causes the Facebook user to post the same message to all their Facebook friends, thus helping the scam messages propagate virally.
At this time, the security flaw is only affecting iPhone users, since all offending posts have originated from an iPhone user, yet with more and more Facebook users turning to their friends to social network, this is still potentially affecting millions of users. Scammers have already used a diverse array of messages, including these:
OMG! Its unbeliveable now you can get to know who views your facebook profile.. i can see my top profile visitors and i am so shocked that my EX is still creeping my profile every hour. click below
Facebook now has a dislike button! Click Enable Dislike Button to turn on the new feature!
F**k you fa**ot. Go kill yourself. Vote for Nicole Santos. I hate you and the only way to remove all these posts is by disabling this below.
Please do your part in PREVENTING SPAM by VERIFYING YOUR ACCOUNT. Click VERIFY MY ACCOUNT right next to the comment below to begin the verification process....
What is perhaps more concerning is that these messages started circulating more than a week ago, yet identical threats exploiting the same flaw continue to circulate, apparently unhindered, around Facebook, fooling its users into potentially dangerous situations. And it doesn't look like stopping either, since we imagine the next message exploiting the flaw will be released by the scammers shortly, if it hasn't been already.
This must be particularly embarrassing for Facebook since it coincides with their announcement of much more stringent security procedures to reduce scams that circulate the site.
That’s another D’oh, Facebook.