Rogue application asks for extensive permissions

Aug 10, 2010 10:48 GMT

A new Facebook scam tricks users into giving attackers almost complete access to their profile data by luring them with a video about the world's alleged worst McDonald's customer.

"OMG the worlds worst mcdonalds customer (shocking video must see) –> http://bit.ly/[CENSORED]," the spam messages read.

In order to raise people's curiosity, the scammers also use descriptions like "MCDONALDS SHOCK [OMG]" for the shared links.

Following the spammed links takes users to a rogue Facebook application, which asks them for several permissions.

These include access to basic profile information, access to post on their walls, access to their data even when they are not logged in, access to manage their pages and access to their contact information, such as their location.

"If you're sensible you'll pull out at this point, and not grant the application permission to access your data," Graham Cluley, senior technology consultant at Sophos, says.

"But sadly plenty of people are keen to see the 'shocking video' and will hand over control to the rogue Facebook app - which promptly posts the link as a status update to your Facebook wall - thus perpetuating the cycle," he adds.

Users who fell victim to this scam are advised to immediately revoke the permissions of the rogue "Worst McD's Customer" application by removing it from Account > Application Settings.

The spam messages posted to affected people's walls should also be deleted by using the "Remove" button that appears when hovering the mouse cursor over them.

Scams of this type have invaded Facebook lately, and the site's security staff doesn't seem to be able to keep up with them.

The fact that they abuse familiar Facebook features like the "Request for permission" prompt makes the problem even worse, but users should remain vigilant at all times and deny access to any application that promises something as simple as a video or picture in exchange for extensive access to their data.

You can follow the editor on Twitter @lconstantin