IT security: Sophos warns of Facebook Valentines' Day scams

In October 2007, we reported on the problems of making Web 2.0 sites pay (story) and concluded that

"The aim, then, it seems is to built a network of sites meeting all the social needs of users, and to keep them "in the family." By insisting that at least one of those services has an effective registration including verifiable identification, then information exchange within the network will facilitate accurately targeted advertising.

The current Holy Grail, then, is the grabbing of eyeballs, and converting them into targets, so that highly targetted advertising can be sold.

It all sounds remarkably sensible. Except, so far, no one is close to making it work and the amounts of money that have so far been thrown at it are mind-boggling."

The latest round of "improvements" by Facebook are getting closer to that ideal. And criminals have noticed. Within the past few weeks, this author's discussions amongst friends (real ones, not the FB variety) ironically using the FB platform have centred on privacy. And the universal concern that accepting applications means losing control of personal data. The decision of most of this author's connections is simple: don't accept applications.

That undermines FB's new business model which is to make a margin on purchases made through applications.

Now Sophos, which started as an anti-virus company before such things were really fashionable and has mutated into a much broader internet security concern, has published its own findings on the same subject - and it's found that applications intended to catch the unwary over Valentines' Day are a significant risk.

Sophos says it has " identified rogue Facebook applications with names such as Valentine's Day and Special Valentine which are responsible for the messages, but it is possible that the scammers could have created others which use similarly love-themed messages.

If you make the mistake of clicking on the link you are taken to a splash screen which displays a teaser. Here's one example, where the application claims it will "generate a random poem and send to one or many friends you select".

According to this splash screen, the application has 220,673 monthly users - which may make you think that there's nothing to be suspicious about.

However, the third-party Valentine's Day Facebook applications are rogue apps, trying to trick you into agreeing to give them the ability to post status messages to your wall as well as gather information about you including your name, photograph, gender and information about your friends.

Clicking on "Allow" is a desperately bad idea, but plenty of Facebook users already have. What they don't realise is that application craftily and instantly posts the message advertising the rogue app to your Facebook wall, hoping to draw your online friends into the money-making scheme."

Sophos goes on to explain how the scammers make their money.

You've been warned.

It's not just your heart that could get broken.