January 25, 2011, 2:01 PM — 'Get the dislike button!' 'OMG this girl KILLED herself after her dad posted on her wall!' What do these comments have in common? They are two of the scams we see making the rounds on Facebook in an attempt to get you to click on and install a bad application. The Facebook con popping up everywhere this week is the 'total profile views' ruse. It's another version of the 'See who viewed your profile' trick that makes its way around the social network and plays to the user's ego and desire for information about who is checking out their Facebook page.
Unfortunately, as is typically the case with these scam applications, allowing the application to access your profile will only lead you to a fraudulent survey which earns a commission for the spammer. Not only will you be left still wanting to know who is visiting your profile, you've also just shared your information with the shady character who developed the fake application. Does that make you uncomfortable? It should, say security professionals.
The process of developing applications on Facebook still needs a lot of improvement, according to security and privacy advocates. In fact, earlier this month, Facebook decided to temporarily disable a controversial feature that allowed application developers and third-party web sites to access the mobile phone numbers and addresses of certain users. The feature had sparked criticism among privacy and security advocates, who cautioned that the ability to gather such personal details from users opened up more doors for potential abuse, such as SMS spamming, or possibly even identity theft.
In a recent report, security firm Sophos noted Facebook has a major problem in the form of its app system.
"Any user can create an application, with a wide range of powers to interact with data stored on user pages and cross-site messaging systems, and these applications, like survey scams, can then be installed and run on any user's page."