Facebook survey scams reappear as Verify Your Account wall posts

by Dave Michmerhuizen – Security Researcher

Facebook survey scammers who recently had success with JavaScript cut-and-paste pages have changed their approach and turned loose a fast-spreading "Please verify your account" campaign that appears as a wall post from a friend.


Barracuda Labs recently reported on versions of this scam that required you to cut and paste a bit of JavaScript into your browser's URL bar. The new wall-post attack uses the same JavaScript but embeds it in a link attached to the post, so there is nothing left for the victim to paste.

There is another version, of which we have no sample, that posts an obscene message to your wall and then claims that the only way to remove it is to press a "Remove this app" button that is part of the post.

As in the cut-and-paste attack, if the link is clicked the JavaScript runs in the context of your logged-in Facebook page, with the same access to Facebook's APIs and your session credentials that Facebook's own scripts have. The attacking JavaScript uses that access to post the same scam to the walls of all of your friends, which is how it spreads.

The end result is the same as in our previous report: a sham survey that tries to sign you up for some unwanted service or collect your cell phone number in order to send premium-rate SMS messages to it.

Eliminating the convoluted cut-and-paste instructions makes this version of the JavaScript attack much simpler and more convincing, and it has been spreading across Facebook like wildfire. We can only assume that at some point Facebook will sanitize links in wall posts and reject the "javascript:" URL scheme outright. Until then, expect to see waves of these scams using every social engineering trick in the book.
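To show what that sanitization step looks like in practice, here is an added example written for this post (it is not Facebook's code and not Barracuda's; the function names and the sample links are invented). It contrasts a naive deny-list check that only looks for the literal prefix "javascript:" with an allowlist check that parses the link the way a browser does and accepts only http: and https:, which rejects scheme variants that the naive check lets through.

```javascript
// Added example, not code from the original post: allowlist-based sanitizer
// for user-supplied link hrefs. Uses the WHATWG URL parser built into Node
// (global `URL`), which normalises input the same way browsers do.

const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Naive deny-list check of the kind that is easy to bypass: it only looks for
// the literal lowercase prefix, so it misses leading whitespace and embedded
// tabs/newlines, which browsers strip before they interpret the scheme.
function naiveIsSafe(raw) {
  return !raw.toLowerCase().startsWith("javascript:");
}

// Hardened check: parse the string as a browser would (the URL parser strips
// leading control characters and spaces, removes ASCII tab/newline anywhere in
// the input, and lowercases the scheme), then accept only allowlisted schemes.
// Returns the normalised absolute URL to store, or null to reject the link.
function sanitizeLink(raw) {
  if (typeof raw !== "string") return null;
  let url;
  try {
    // No base URL is supplied, so relative and protocol-relative ("//host")
    // links, and anything that is not a parseable absolute URL, fail here.
    url = new URL(raw);
  } catch {
    return null;
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return null;
  return url.href;
}

// Constructed sample inputs for illustration (not captured from a campaign).
const SAMPLES = [
  "https://www.example.com/verify?u=123",
  "javascript:alert(document.cookie)",
  "JaVaScRiPt:alert(1)",
  " \tjavascript:alert(1)",
  "java\nscript:alert(1)",
  "data:text/html,<script>alert(1)</script>",
  "vbscript:MsgBox(1)",
  "//evil.example/x",
];

// Runs both checks over a list of links and reports what each would do.
function report(samples) {
  return samples.map((s) => ({
    input: JSON.stringify(s),
    naiveSaysSafe: naiveIsSafe(s),
    sanitized: sanitizeLink(s),
  }));
}

for (const row of report(SAMPLES)) {
  console.log(row);
}
```

The check has to run on the exact string that will end up in the href, after any HTML-entity or percent decoding the posting pipeline performs, and the stored value should be the normalised `url.href`, not the raw input; otherwise a later decoding step can reintroduce a scheme the check never saw.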

In the meantime, don't click on links in unusual items posted to your wall; delete them instead. If you need to deal with an account-related issue, go to the Facebook account settings pages directly rather than through a link in a post.


As always, Barracuda Networks recommends you exercise special care when visiting links posted in your social network feeds. Barracuda Web Filters and the Barracuda Web Filtering Service block access to these sites.

