Free 150 FB Credits? Latest Facebook scam spreads its tentacles wide

Filed Under: Facebook, Rogue applications, Social networks, Spam

We're seeing another wave of the free Facebook credits scam spreading amongst users of the social network.

Facebook Credit messages

Messages reading

One time offer! Win FREE 150 FB credits for your top games NOW! Limited copies left! : [LINK]

are appearing on users' Facebook newsfeeds.

Clicking on the links can take you to webpages that encourage you to "act now" to claim your free 150 Facebook credits. (If you're not a devotee of some of Facebook's online games you may not realise that Facebook credits are a virtual currency that can be used to purchase virtual goods in many games and applications on the site. You can purchase Facebook Credit gift cards in stores such as Target, Walmart, Best Buy and RadioShack in the USA).

Free Facebook Credits

Free Facebook Credits

Games on Facebook are a big business, meaning that there is a sizeable market for Facebook Credits. As such, it's not surprising to see scammers use the lure of free Facebook Credits as a lure for unsuspecting users.

If you are tempted to apply for your free credits you are asked to permit a third-party application to have access to your Facebook profile.

Rogue application requests permission

Giving the app permission to access your profile, means that it can access your list of friends, post messages to you wall, and even email you at your private email address, amongst other things.

Hopefully now you're beginning to see how this could go wrong.

The scammers then present an all-too-familiar CPALead survey, which earns them commission in the form of affiliate money. You will also be asked for your name, full address, telephone number and full date of birth. Is this really the kind of information you should be sharing with complete strangers?

Survey

And behind the scenes, the application has been hard at work - posting messages into your newsfeed, hoping to ensnare your Facebook friends into also clicking on the link and spread the scam further virally.

Compromised Facebook newsfeed

Don't give scams like this the time of day - always think twice before clicking on links, even if they seem to have been shared with you by your online Facebook friends.

In particular, you should always be suspicious whenever a third party application requires to access their profile without a legitimate reason.

If you've been hit by a scam like this, remove references to it from your newsfeed, and revoke the right of rogue applications to access your profile via Account/ Privacy Settings/ Applications and Websites.

Revoke application permissions

Don't forget to spread the word, warning your friends about scams like this and teach them not to trust every link that is placed in front of them. You can learn more about security threats by joining the thriving community on the Sophos Facebook page.

, , , , ,

You might like

One Response to Free 150 FB Credits? Latest Facebook scam spreads its tentacles wide

  1. andrew blignaut · 1405 days ago

    According to me online currencies are going to be the next big thing in e-commerce. It will offers users a new convenience. However I seriously doubt that facebook is going to be succsesful in this field. This is as Facebook is too insecure and no content on facebook is safe. I however read about a new website called MyCube which is going to be the worlds first social exhange. I believe this is an interesting idea and can become big if implemented securely

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.