New Facebook Scam Lures Victims With 'Enable Dislike Button'
Researchers at security firm Sophos first detected the scam over the weekend, when messages offering a dislike button began emerging on Facebook users' walls.
The message reads: "Facebook now has a dislike button! Click 'Enable Dislike Button' to turn on the new feature."
Graham Cluley, Sophos senior technology consultant, said that the hackers behind the scam managed to circumvent Facebook's security and replace the "Share" button with a link that says "Enable Dislike Button," making it appear legitimate.
"The fact that the 'Enable Dislike Button' link does not appear in the main part of the message, but lower down alongside 'Link' and 'Comment,' is likely to fool some users into believing that it is genuine," Cluley said in a blog post.
Upon clicking the "Enable Dislike" link, users are taken to an application that asks them to follow specific steps, allegedly to enable the phony "dislike" button. The instructions include copying and pasting JavaScript into their browsers, which immediately spams the fake "dislike" feature scam to everyone on their friends list by posting it on their Facebook wall.
Thus far, the "Enable Dislike Button" ploy appears to be a typical survey scam designed to maximize profits on a per-click or per-user basis. But security experts say that viral trickery has the same potential to run malicious code on victims' machines, which could cause their systems to crash in a denial-of-service attack or enable hackers to install malware that could completely take control of their computers to access and steal sensitive data.
Cluley said that the scam exploits Facebook users' desire to have a way of "disliking" a post, an event or another application in the same way that they "like" something.
"As we've explained before, there is no official dislike button provided by Facebook and there isn't ever likely to be," Cluley said. "But it remains something that many Facebook users would like, and so scammers have often used the offer of a 'Dislike button' as bait for the unwary."