Facebook scammers are tricking users to paste rogue code into their browser's address bars in order to get a Dislike button added to their options.
The spam messages posted by victims read "Facebook now has a dislike button! Click 'Enable Dislike Button' to turn on the new feature!"
The scammers are using a trick to replace the Share link that appears under the message with an "Enable Dislike Button" one.
Clicking on the link will share the spam message from the user's account with all of their friends, but also run rogue code on their computers.
"As we've explained before, there is no official dislike button provided by Facebook and there isn't ever likely to be.
"But it remains something that many Facebook users would like, and so scammers have often used the offer of a 'Dislike button' as bait for the unwary," warns Graham Cluley, senior technology consultant at Sophos.
This technique is low-tech and should raise a lot more suspicion, but even so, there are enough users falling for it.
It's gotten so bad that Facebook has recently introduced a mechanism to detect, block and inform users about the risks of doing this. So far it seems this system is inefficient in blocking the attacks, but hopefully Facebook will tweak it and improve its detection capabilities.
Users who fell victim to these scams should search their walls and remove any spam messages posted without their authorization. This will prevent their friends from also being affected.
Any Facebook scam victim should assume the worst and change their password, which should be unique for Facebook anyway. Making use of Facebook's new account security features, such as two-factor authentication is also highly recommended.