May 16, 2011
No, You Can't See Who's Looking at Your Facebook Profile, Stalking You on Facebook: New Profile Views Counter Scam
As regular readers of this blog no doubt realize, phishing scams aren't confined to email. On Facebook, one of the most popular phishing/malware distribution schemes has been come-ons that claim to let you "see who's been viewing your profile" or "see who's stalking you."
Per Facebook's own FAQ on this subject (see Facebook FAQ item "Can I see who's viewed my profile?"):
"Facebook does not provide applications or groups with the technical means to allow people to track profile views or see statistics on how often a particular piece of content has been viewed and by whom."
Proofpoint spam fighter Scott Panzer sent me an example of the latest version of this scam, which encourages users to paste a bit of JavaScript code into their browser's address bar, supposedly to let them see who is viewing their profile.
As you've probably guessed, the code itself is malicious. If executed, it spams itself to your Facebook wall and your online friends. It then friends you to several other random accounts, probably with the goal of executing further phishing attacks.
We see Facebook friends getting fooled by these sorts of scams quite frequently. It's worth reminding your friends (or users inside your organization) to be aware of phishing attacks on Facebook, and specifically to note that any application that purports to let you see who is viewing your profile is certainly phony and malicious.
You might also find it helpful to share our "Seven Simple Rules for Staying Safe Online", most recently posted in my article, "Stay Safe from Email Threats in the Wake of Epsilon Email List Breach."

