Message circulating on Facebook warns users not to click links to a video of a girl who killed herself in front of her web cam because the video is a trojan that will attack your computer.
The message alludes to a real security threat that is targeting Facebook users. However, this threat is a typical “clickjacking” survey scam, not a trojan as suggested in the warning. Certainly, Facebook users should watch out for links to this survey scam, along with hundreds of other scams of a similar nature. Nevertheless, the inaccurate claims in the message along with its breathless, over-the-top, style significantly reduce its usefulness as a security warning.
This rather excited, ALL CAPS message is currently moving rapidly around social network Facebook. The message warns users to watch out for posts about a video that shows a girl killing herself in front of her web cam. According to the warning, you should not click on the video because it contains a trojan that will attack your computer. It notes that the trojan is also “tagging everyone”.
There is indeed a security threat currently targeting Facebookers that users links to a supposed video of a girl killing herself as a lure. However, this threat is yet another “clickjacking” survey scam, not a trojan attack as claimed in the warning.
A series of spam messages like the one depicted in the following screenshot have been appearing on Facebook:
Clicking the link in these spam messages opens a bogus video website that has been rendered to resemble a YouTube page. Once on the page, the user is urged to watch the video that supposedly provides footage of the girl’s suicide. However, those who attempt to watch the video are inadvertently clicking a Facebook “Like” button, an action that will automatically repost the scam message to their Facebook walls. But, before they get to see the video, users are told that they must perform a “verification test” by participating in one or more surveys. Those who proceed by following one of the survey links will be presented with a series of “surveys” that may ask them to provide contact details and other personal information. Often, these surveys attempt to trick participants into subscribing to extremely expensive SMS services. By participating, they may also inadvertently give permission for marketing companies to contact them via email, phone or surface mail. Moreover, the scammer responsible for the attack will earn an undeserved commission each and every time a victim participates in one of the bogus surveys. Regardless of how many surveys the victim fills out, he or she will never get to see the promised movie.
There have been several variants of this “suicide video” survey scam being promoted on Facebook recently. Users should certainly watch out for these and a great many other “shocking” or “breaking news” messages that point to survey scams. However, this type of tactic, dubbed “clickjacking”, is not a trojan attack as claimed in the warning message. And, those responsible for such scams do not want to “attack” or damage your computer. In fact, since their aim is to con you into participating in as many of their bogus surveys as possible and thereby make them money, these scammers want your computer to be in good working order.
While the message does relate to a real threat, its inaccuracies and its overblown style significantly diminish its usefulness as a security alert. To be of use, security alerts need to contain clear and accurate information about the type of security threat discussed. Misidentifying a survey scam as a virus or trojan simply muddies the water. Trojans and viruses cause quite different problems than survey scams and effectively dealing with them requires different strategies. Moreover, security alerts need to contain up-to-date information or they very quickly become redundant. A real problem with warnings like the one above is that they are likely to continue circulating pointlessly for months or even years after the threat that they describe has subsided. Survey scams tend to come and go very quickly, usually within a few days, so warnings about them have a very limited “shelf life”. Often, such warnings are already redundant by the time they begin to spread widely across the network.
Therefore, perhaps a more productive approach to the problem is to help educate other users about clickjacking and rogue application survey scams in general.Bbc News What That Girl Did On Cam