Tuesday, May 24, 2011

Understanding the latest Facebook scam


View the original post on the OpenDNS blog.

Every few weeks a new scam makes the rounds on Facebook. This week it's the "Find out who visits your profile" scam, which most of us have seen before in one form or another. Here we take a closer look at what the scam is actually doing and how to protect yourself.

Despite the "virus" label, nothing is installed on your computer: the scam works by borrowing your logged-in Facebook session. Unlike an account takeover, which requires stealing your login credentials, this scam needs only for you to click a link posted on your wall or a friend's wall and approve what the page then asks for. To entice you into clicking, it offers something many people would love to have but Facebook does not provide: a list of the people who have viewed your profile. You might receive an e-mail notification telling you a friend has posted a link on your wall with this text:

"LOL !! Me cant believe that you can see who is viewing your profile! I can see the TOP 10 people and I am really OPENMOUTHED that my EX is still checking my Pix and my Profile. You can also see WH0 CHECKS YOUR PR0FILE here)"

The most important thing to understand is that you should not click the link. If you never click it and opt in, the scam has nothing to work with. If you do click while logged into Facebook and approve the opt-in, it immediately posts the same link and text on your friends' walls under your name. Once that has started there is no way to stop it mid-run; the only way to repair the damage is to visit each friend's wall and remove the post, or message everyone and hope they have not already clicked it too. If the opt-in step asked you to approve an application, also remove that application from your account's application settings so it cannot post on your behalf again.

On social networks, users are largely responsible for their own safety. The rule to remember: if you have any doubt, don't click the link. Facebook offers this advice:

"Always use caution when clicking on a link or opening an attachment, even if it's been sent or posted by a friend or other reputable source. If you have any doubt, get confirmation directly from the sender. Be especially wary of messages that include attractive offers or urgent requests, and watch out for links that require you to immediately provide a login and password."
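As an added example (not from the OpenDNS post, and not Facebook's filtering), here is a small Python screen that turns the warning signs above into checks and runs them over two constructed wall posts: the lure text quoted earlier, with an invented example.net link appended, and a harmless post. The signal list, weights, threshold and list of trusted hosts are assumptions chosen for illustration, not anyone's production filter.

```python
"""Heuristic screen for "who viewed your profile" style wall-post lures.

Added example: the rules below are assumptions picked to illustrate the
signals in the post (profile-viewer claim, attractive offer, urgency,
off-site link, disguised spelling). They are not Facebook's or OpenDNS's
detection logic.
"""
import re
from urllib.parse import urlparse

# Assumption: links a genuine wall post would normally carry stay on these hosts.
TRUSTED_HOSTS = ("facebook.com", "fb.com")

PROFILE_VIEWER_RE = re.compile(
    r"\b(?:who|people)\b.{0,40}?\b(?:view|visit|check|stalk)\w*\b.{0,40}?\b(?:profile|pix|pics|page)\b",
    re.IGNORECASE | re.DOTALL,
)
URGENCY_RE = re.compile(r"\b(?:now|immediately|hurry|today only|last chance)\b", re.IGNORECASE)
OFFER_RE = re.compile(r"\b(?:free|win|prize|gift card|secret|hidden|can'?t believe)\b", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s)\"'<>]+", re.IGNORECASE)
CAPS_WORD_RE = re.compile(r"\b[A-Z]{4,}\b")


def normalise_spelling(text):
    """Undo the '0'-for-'O' trick (WH0, PR0FILE) used to slip past keyword filters.

    Returns the repaired text and whether any substitution was needed.
    """
    fixed = re.sub(r"(?<=[A-Za-z])0|0(?=[A-Za-z])", "O", text)
    return fixed, fixed != text


def off_site_links(text):
    """Return every link whose host is not one of the trusted first-party hosts."""
    links = []
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname or ""
        if not any(host == h or host.endswith("." + h) for h in TRUSTED_HOSTS):
            links.append(url)
    return links


def score_post(text):
    """Return (score, reasons). Weights are illustrative; 3 or more means 'treat as a scam'."""
    text, disguised = normalise_spelling(text)
    score, reasons = 0, []
    if PROFILE_VIEWER_RE.search(text):
        score += 2
        reasons.append("claims to reveal profile viewers (Facebook offers no such feature)")
    if disguised:
        score += 1
        reasons.append("digit-for-letter spelling to evade keyword filters")
    if len(CAPS_WORD_RE.findall(text)) >= 2:
        score += 1
        reasons.append("shouting emphasis")
    if URGENCY_RE.search(text):
        score += 1
        reasons.append("urgent wording")
    if OFFER_RE.search(text):
        score += 1
        reasons.append("too-good-to-be-true offer")
    links = off_site_links(text)
    if links:
        score += 1
        reasons.append("link leaves Facebook: " + ", ".join(links))
    return score, reasons


def is_suspicious(text, threshold=3):
    return score_post(text)[0] >= threshold


# Constructed samples: the lure text from the post with an invented link, and a harmless post.
SCAM_POST = (
    "LOL !! Me cant believe that you can see who is viewing your profile! "
    "I can see the TOP 10 people and I am really OPENMOUTHED that my EX is still "
    "checking my Pix and my Profile. You can also see WH0 CHECKS YOUR PR0FILE here "
    "http://example.net/who-viewed-me)"
)
BENIGN_POST = "Had a great time at the beach today, the photos are up at https://www.facebook.com/"

if __name__ == "__main__":
    for label, post in (("scam", SCAM_POST), ("benign", BENIGN_POST)):
        score, reasons = score_post(post)
        print(f"{label}: score={score} suspicious={is_suspicious(post)}")
        for reason in reasons:
            print("  -", reason)
```

The spelling normalisation is the step worth noting: the lure in the post writes "WH0" and "PR0FILE" with zeros precisely so a naive keyword filter misses them, so the screen repairs the spelling first and counts the evasion itself as a signal. A scorer like this is a triage aid for a moderator or a browser extension, not a substitute for the rule in the text: when in doubt, don't click.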

Thanks to the OpenDNS blog for this information.