A new app is making its way around Facebook that promises to alert you when someone unfriends you on the site. However, the app also claims that it needs your Facebook username and password in order to check.
While the app may actually work, its real purpose is likely to steal your login information. Online security company Malwarebytes found that the login info entered into the app does not go to Facebook.com, but instead to yougotunfriended.com, a highly suspicious URL. Even fishier still, the app does not show up on the list of your Facebook apps, meaning it’s effectively concealed on your page—and incredibly easy to forget.
Thankfully, there’s a simple way to protect yourself from this spammy app. You can just go to your Facebook Settings page and change your password as soon as possible, or use Malwarebytes’ recommended tool to get rid of it completely. Though it’s easy enough to delete, it’s even easier not to fall prey to scams like this one in the first place. Any kind of suspicious-looking link that promises something salacious or improbable is likely malware—especially if it asks for sensitive info. It’s a good idea to never, ever give away your login, but it’s an especially good idea not to hand it over to a strange third-party app.
*Edited June 15, 2015 – Malwarebytes posted the update shown below in their original blog post. It appears that the Unfriend Alert app doe not steal Facebook login information.
“UPDATE: Here at Malwarebytes, we do our best at pointing out the facts and true dangers behind all online threats. Though we are only human and very rarely we can be overzealous in our attempts to inform our users of online threats. Unfriend Alert reached out to us after this blog post to let us know what our analysis was incorrect and upon further inspection, it turns out that our initial belief that Unfriend Alert was possibly stealing Facebook credentials was incorrect.”