Social Scams – Part 2: How to Clean Up Your Browser and Facebook Timeline

During recent weeks, I have seen different scams on Facebook attempt to convince users to install Google Chrome extensions. I have noticed some conversations taking place around the scams; people not sure how to get rid of the scammer photos or how to prevent the scams from spreading further. Some users have unfortunately  gone as far as creating new Facebook profiles for themselves. This is not necessary.

If you have been tricked by one of these scams, here is how you can clean up your browser and Facebook timeline:
 

Remove bad browser extensions

If you have installed the Chrome extension for Facebook Black, Profile Spy ("See Your Profile Viewers"), or Free PS4, you will need to uninstall it from your browser:

  1. Open the Google Chrome browser.
     
  2. Type chrome://extensions into the browser address bar.
     
    image1_0.png
     
  3. Click the trash can icon to delete bad extensions
     
    image22.jpg
     
  4. Click Remove at the confirmation dialog
     
    image33.jpg
     

The Google Chrome extension page can help you identify any bad extensions that you have installed. In this preceding example you can see both the "Get PS4" and "See Your Profile Viewers" extensions that have been installed.

To delete a bad browser extension, just click the trash can icon and confirm.
 

Remove unwanted Facebook pages

The preceding Chrome extensions may be responsible for creating Facebook pages using your profile. Now you should confirm whether or not scammer Facebook pages were created in your account and then remove them:

  1. Click the gear icon at the top right corner of your Facebook profile and select the page you wish to modify.
     
    image4.jpg
     
  2. Once the Facebook page has loaded, click Edit Page at the top.
     
  3. Select Manage Permissions.
     
    image5.jpg
     
  4. Click Permanently delete [NAME OF PAGE] at the bottom.
     
    image6.png
     
  5. Click Delete to permanently remove the Facebook page.
     
    image7.png
     

As you can see in this preceding example, a randomly created Facebook page was found being used by scammers. You can prevent friends from being photo-tagged with scammer spam by permanently deleting these scammer Facebook pages.

After page deletion you should arrive back at your main Facebook profile.
 

Remove scammer posts from your Facebook timeline

In order to keep the scam in circulation, the previously mentioned Chrome extensions have downloaded JavaScript files. These files were responsible for performing scammer activity, including tagging your friends in photos to promote the scam in news feeds.

The last step is to remove the photos the scam extension has posted on your behalf and get a clean Facebook timeline:

  1. Go to your profile timeline.
     
  2. Scroll through your timeline to check for photos published by the scam.
     
  3. Hover over the timeline story item and click the pencil icon.
     
  4. Select Delete Photo.
     
    image8.png
     

Deleting the photos left by scammers on your timeline helps stop promotion of the scam.

However, in another scenario, you may be the one who is tagged by a scammer photo in a timeline. In that case, you should report the scam to Facebook:

  1. Hover over the timeline story item and click the pencil icon.
     
  2. Select Report/Remove Tag.
     
    image9.png
     
  3. Check I want to untag myself and I want this photo removed from Facebook and select It’s spam.
     
    image10.png
     
  4. Click Continue to confirm.
     

And now that you have removed bad extensions from your browser, cleaned up your Facebook profile timeline, and reported scammer spam, point your friends to this blog post so that they can clean up their own browsers and Facebook timelines.
 

Don't forget to stay vigilant

These clean-up instructions will help you remove scams circulating on Facebook that involve Google Chrome extensions. But, as mentioned before, scammers are relentless; they are likely to change their tactics again and again. Proceed with caution on social networks and avoid installing any browser extensions in exchange for free products or special features.

Symantec customers are protected against these types of attacks by our Web Attack: Fake Facebook Application 3 IPS signature.