Friends fooled by Facebook Timeline 'removal tool' scams

Miscreants exploit users' keenness to get rid of crapness


Two separate "Timeline-removing" spam scams are doing the rounds on Facebook, security watchers warn.

Both ruses feature dodgy messages targeting users of the social network who happen to dislike the recently introduced feature, and are looking for a way to go back to the "old look". In the first case, users who take the bait are encouraged to install a browser plug-in that supposedly removes Facebook Timeline from social networking profiles.

At the time of writing on Tuesday lunchtime, anti-virus vendor Sophos was in the process of evaluating what the software, available for download from a recently established website in Turkey, actually does. In the meantime it advises users to avoid installing the plug-ins.

Screenshots of the messages, and the browser plug-ins they, err, plug, can be found in a blog post by Sophos here.

Timeline-exorcising browser extensions are also being offered via an application called "Facebook Timeline Remover", Chris Boyd of GFI Software warns. However, in this case no browser plug-in is actually on offer. Marks are instead invited to complete a collection of surveys, enriching dodgy marketing affiliates in the process. ®

Updated to add

A Facebook spokesman has got in touch this afternoon to say: "Security is a top priority for Facebook, and we devote significant resources to helping people protect their accounts and information. We’ve built numerous defences to combat phishing and malware, including complex automated systems that work behind the scenes ... Security is an arms race, and our teams are always working to identify the next threat and build defences for it."

Biting the hand that feeds IT © 1998–2022