We're seeing another wave of the free Facebook credits scam spreading amongst users of the social network.
One time offer! Win FREE 150 FB credits for your top games NOW! Limited copies left! : [LINK]
are appearing on users' Facebook newsfeeds.
Clicking on the links can take you to webpages that encourage you to "act now" to claim your free 150 Facebook credits. (If you're not a devotee of some of Facebook's online games you may not realise that Facebook credits are a virtual currency that can be used to purchase virtual goods in many games and applications on the site. You can purchase Facebook Credit gift cards in stores such as Target, Walmart, Best Buy and RadioShack in the USA).
Games on Facebook are a big business, meaning that there is a sizeable market for Facebook Credits. As such, it's not surprising to see scammers use the lure of free Facebook Credits as a lure for unsuspecting users.
If you are tempted to apply for your free credits you are asked to permit a third-party application to have access to your Facebook profile.
Giving the app permission to access your profile, means that it can access your list of friends, post messages to you wall, and even email you at your private email address, amongst other things.
Hopefully now you're beginning to see how this could go wrong.
The scammers then present an all-too-familiar CPALead survey, which earns them commission in the form of affiliate money. You will also be asked for your name, full address, telephone number and full date of birth. Is this really the kind of information you should be sharing with complete strangers?
And behind the scenes, the application has been hard at work - posting messages into your newsfeed, hoping to ensnare your Facebook friends into also clicking on the link and spread the scam further virally.
Don't give scams like this the time of day - always think twice before clicking on links, even if they seem to have been shared with you by your online Facebook friends.
In particular, you should always be suspicious whenever a third party application requires to access their profile without a legitimate reason.
If you've been hit by a scam like this, remove references to it from your newsfeed, and revoke the right of rogue applications to access your profile via Account/ Privacy Settings/ Applications and Websites.
Don't forget to spread the word, warning your friends about scams like this and teach them not to trust every link that is placed in front of them. You can learn more about security threats by joining the thriving community on the Sophos Facebook page.Follow @gcluley