Nov 16, 2010 12:59 GMT  ·  By

A new Facebook scam is using the free iPhone lure to direct users to rogue pages that try to convince them into buying work-at-home kits.

As usual, the scam propagates via spam messages posted from the accounts of compromised users, which read: "Apple is giving away 1000 Iphones4s I just got mines =) http://apps.facebook.com/[app_name]"

The name of the application differs, but the links lead users to a website that has nothing to do with iPhones.

Instead, the landing page advertises a work-from-home scheme, which involves buying a "Home Income Profit Kit." Attempting to close this page prompts a warning dialog offering a discount.

One interesting aspect of the attack is that spam messages are tagged as being posted "via Email," a functionality not available to applications.

Each Facebook account has a unique @m.facebook.com address associated with it, which allows users to post on their walls directly from their email accounts.

"My guess is that the facility may have been compromised, and scammers have found a way to update users' statuses [...] by sending an email message directly to their walls," writes Graham Cluley, senior technology consultant at Sophos.

The same technique was used in a similar attack we reported at the beginning of October, which also led to earn-money-fast kits.

It's possible that attackers are abusing accounts compromised through other methods, such as Trojan infections, and prefer using the email feature because it's easier than coding a script to automate direct wall posting.
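The three traits described above (a "via Email" attribution, a link to an apps.facebook.com page, and a free-device giveaway lure) can be combined into a simple triage rule for wall posts. The script below is an added example written for this article, not code from Facebook or Sophos; the post field names, the sample posts and the "two signals" threshold are assumptions.

```python
import re

# Indicators taken from the scam described in the article. Thresholds, field
# names and the sample data below are assumptions made for this example.
APP_LINK = re.compile(r"https?://apps\.facebook\.com/([\w.-]+)", re.IGNORECASE)
DEVICE = re.compile(r"\bi(?:phone|pad)s?\s*4?s?\b", re.IGNORECASE)   # matches "Iphones4s"
GIVEAWAY = re.compile(r"\b(?:giving away|give ?away|free|won)\b", re.IGNORECASE)


def post_signals(post):
    """Return the scam indicators present in one wall post.

    `post` is a dict with 'message' (the text) and 'source' (the "via ..."
    attribution, e.g. 'Email', 'Web' or an application name).
    """
    text = post.get("message", "")
    reasons = []
    if APP_LINK.search(text):
        reasons.append("app_link")
    if DEVICE.search(text) and GIVEAWAY.search(text):
        reasons.append("device_giveaway_lure")
    if post.get("source", "").lower() == "email":
        reasons.append("posted_via_email")
    return reasons


def is_suspicious(post):
    # Any single indicator is common in legitimate posts (people do post by
    # email, and do mention iPhones); require at least two to flag a post.
    return len(post_signals(post)) >= 2


def triage(posts):
    """Return (post id, reasons) for every post that trips the rule."""
    return [(p["id"], post_signals(p)) for p in posts if is_suspicious(p)]


# Constructed sample posts; the app name in the first link is a placeholder.
SAMPLE_POSTS = [
    {"id": "p1", "source": "Email",
     "message": "Apple is giving away 1000 Iphones4s I just got mines =) "
                "http://apps.facebook.com/example_app"},
    {"id": "p2", "source": "Email", "message": "Great day at the beach, pictures soon."},
    {"id": "p3", "source": "Web", "message": "I love my new iPhone 4!"},
    {"id": "p4", "source": "some_game",
     "message": "Help me harvest my crops! http://apps.facebook.com/some_game"},
]

if __name__ == "__main__":
    for post_id, reasons in triage(SAMPLE_POSTS):
        print(post_id, reasons)
```

Only the first constructed post is flagged; the benign email post, the plain iPhone mention and the ordinary game-app post each carry a single indicator and pass.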

The free iPhone or iPad lure has been employed before in a variety of scams, its constant reuse suggesting that it is relatively successful at attracting users.

The work-at-home scams are an even older trick, which is also fairly popular with scammers, not only on Facebook, but on other websites as well.

In such cases, security researchers advise users to guide themselves by the old saying according to which "if something sounds too good to be true, it probably is."