Security researchers warn of several new Facebook scams, which trick users into spamming their friends and participating in surveys by promising them free iPhones.
The iPhone-themed attacks started over the weekend and produced spam messages like: "Just testing Facebook for iPhone out :P Received my free iPhone today, so happy lol.. If anyone else wants one go here: <link>"
The links directed users to rogue Facebook applications, which requested permission to access their profile information and post on their walls.
Credulous users who granted these permissions had the aforementioned message spammed from their accounts and were asked to take a survey.
Graham Cluley, a senior technology consultant at Sophos, warns that a new free iPhone scam is currently making the rounds on the social networking website.
The latest spam messages read: "Claimed my free iPhone today, so happy lol... If anyone else wants one go here: http://tinyurl.com/[censored]"
The links lead to an external website that makes no reference to iPhones. Instead, it promotes an obviously fake method to earn money on the Internet. These schemes usually require users to buy a useless kit with instructions.
However, this new attack is very unusual because the spammed messages appear to have been posted via Email.
"That's the facility Facebook supplies to post status updates to your Facebook page remotely, just by sending an email to a unique address (every Facebook account has a specific email address for this purpose)," Mr. Cluley explains.
It's not yet clear how spammers are pushing these messages out, since the attack doesn't involve rogue Facebook apps, clickjacking techniques or even the usual instructions to manually "Share" the page.
"Is it possible that the facility has been compromised, and scammers have found a way to update folks' statuses just by sending an email message directly to their walls?
"Or have the cybercriminals managed to get their paws on a database of upload email addresses through which they can now relay their spam messages?" the Sophos security researcher writes.