Last week Mark Zuckerberg of Facebook announced that the social networking site would be implementing a sort of “dislike” button. Well, not exactly. Zuckerberg hinted that the new button would be more of an “empathy” button that could be used to express condolences on sad posts instead of awkwardly “liking” it.
Criminals saw this as an opportunity to take advantage of the much anticipated button. Seemingly legitimate posts that promise to give users early access to the button have been cropping up in News Feeds. Unfortunately, the promise turns out to be a scam that contains links that when clicked, leads the user to a malicious website. The malicious website will then gain access to the user’s private Facebook information and will post even more scams on the user’s behalf, without his or her permission.
According to HackRead, the website will also display a countdown timer in which the user has a limited amount of time to fill out a survey or else they will give up their chance at getting a dislike button. The survey(s) ask for personal information and account credentials which are later used to spread the scam even further through email. Sometimes, bank account information is asked for.
Naked Security performed two tests on the scams and found that they use a bait-and-switch approach. The surveys that users are lead to are not always the same but all of them are asking for personal information. Some entice users by promising them a large sum of money if they sign up. In all cases, the final surveys have nothing to do with a dislike button or Facebook.
The websites also may contain malware that is automatically downloaded onto a user’s device, according to The Stack.
This scam, like many Facebook scams, is able to spread like wildfire because of its shareability. It entices users into re-posting and direct messaging the scam so the number of exposed people continues to rise exponentially.
Facebook users, know that a dislike button is not currently available and any post that claims to give you the button is a complete scam that steals your personal information, hijacks your account, and infects your device with malware. Your best bet is to stay away and when in doubt, DON’T CLICK.