"No WAY, I Found Out Who Has Been Looking at My Profile" scam spreads on Facebook

Graham Cluley @gcluley

Here’s a message I received from a reader earlier today:


Urgent help!!!
Have a facebook virus that all my friends get tagged a photo by me saying ‘No WAY, I Found Out Who Has Been Looking at My ProfiIe’ stalking your profile

Looking how to stop it immediately
Thanks, Shaul

Saul’s a smart guy. He knows that you can’t see who has been looking at your Facebook profile, and he wanted the messages to stop appearing on his account.

I took a link at Shaul’s Facebook profile, and this is what I found:

No WAY, I Found Out Who Has Been Looking at My ProfiIe

No WAY, I Found Out Who Has Been Looking at My ProfiIe — with [NAME] and [X] others.

By tagging the photographs with the names of other people on Facebook, the scam is hoping to spread to others and trick them into clicking on the link.

Furthermore, similar messages had been posted time and time again – each with an attached photograph – much to the annoyance of Shaul who was finding them clogging up his photo albums:

Photo album

Fortunately, at the time of writing, the links result in a “page not found” message – but chances are that at some point they directed unsuspecting users to a rogue Facebook application that would attempt to hijack control of their accounts or start spamming innocent social networkers.

It’s not entirely clear how Shaul’s account become affected by this scam, but here are my suggestions if you find yourself in a similar situation:

[unordered_list style=”tick”]
  • Delete the offending messages/photos from your Facebook profile. At least that way, you’ll reduce the chances of other people seeing them.
  • Run an up-to-date anti-virus program. It’s possible that your computer or web browser has been compromised by some malware which is posting messages on your behalf, without you realising.
  • Make sure that your other software is up-to-date too. For instance, that you are running the latest operating system patches, and that your browser and other software – such as Adobe Flash, Java etc – are the latest versions.
  • Change your Facebook password – just in case it has been stolen by the criminals behind the scam. By the way, if you’re changing your password make sure that you don’t use that same password *anywhere* else on the net, and that it is not an easy-to-crack word.
  • Go to https://www.facebook.com/settings?tab=applications, where you should revoke any third-party Facebook apps that you do not trust or recognise.
  • Join my Facebook page to keep up-to-date on the latest scams. If you really want to keep yourself protected, tell your Facebook friends to do the same! Together we can help fight back against the scammers.

Thanks to grahamcluley.com reader Shaul for posing the question. I hope this helped answer it, Shaul!

If anyone else has a question – feel free to drop me a line at . I can’t promise to answer them all, but I can always try…

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.