There has been a huge rise in the number of Facebook users spreading messages regarding a supposed webcam video of a girl committing suicide. The latest such scam is based on the following message: "Jessy, 22 yrs Girl from Miami committed Suicide before a Cam after breakup. First time a Live suicide death video of true lovers in the history on a Cam" followed by a link.
This is a completely different type of attack than the recent likejacking scams that have been taking advantage of various celebrities, including Justin Bieber, Miley Cyrus, Emma Watson, and Christina Aguilera. This one uses a rogue Facebook application as well as some social engineering to trick the user into spreading the scam.
Instead of directing you to a fake YouTube page, the link points the user to a rogue application that tricks you into granting it permission to post to your Facebook wall, according to Sophos. Once the user clicks on the "Approve" button, the fake application starts reposting the same message outlined above to your Facebook wall so that it is seen by your Facebook friends, allowing it to spread virally across the social network.
The scam then displays a webpage that asks you to verify your age by completing a questionnaire. The scammer earns his or her money via a commission for every survey completed. They can even trick you into handing over your mobile phone number to sign you up for a premium rate SMS service.
We've seen all of this before. What's new this time around is that the scammers have started using your Facebook name and profile picture to convince you to participate in the survey: "Please Verify That You are [Your Facebook Name]." Below, there's even a very reassuring disclaimer: "Helping To Protect Your Identity and Personal Information."
On the one hand, the scammers have to get you, the Facebook user, to approve the application in question, which is slightly more difficult. On the other hand, once you've accepted that part, you're much more likely to be convinced by the scam since the application now has access to your Facebook profile.
As I've recommended before, if you see a scam like this one, report it. Then go check your own wall to make sure you're not spreading the scam; the sooner you clean it up and remove the rogue application, the better. You can even contact Facebook Security if you'd like to. Since this scam is internal to Facebook, a security suite or the Firefox add-on NoScript will not help you.
Facebook really needs to figure out a better way of shutting down these scams. For starters, any Facebook application that grows its user base at a viral rate should be disabled temporarily until someone can manually check its validity. How would you stop such scams without interfering with third-party developers that genuinely want to add to the Facebook experience?