Facebook scams are getting sneakier and sneakier - with the latest attack using the lure of a free T-shirt celebrating Facebook's birthday in an attempt to steal the secret backdoor key to your account.
The offer seems attractive enough - a webpage claiming to celebrate Facebook's 7th birthday, saying that it has over 1.9 million official T-shirts in stock.
All you have to do is verify that you are a Facebook user, claims the following webpage. And this is where things get very sneaky.
The webpage tells you to visit Facebook Mobile, and find on that page the personalised email address that you can use to post status updates or upload photos and videos straight to your profile.
Many people are probably unaware that such a thing exists - but every Facebook user has a secret mobile email address they can use for this purpose.
The important thing, of course, is to keep it secret. Because if someone else finds it out, they'll be able to post status messages to your Facebook page or upload videos and photos to your wall - which your friends will be able to see.
The scammers, unsurprisingly, want your secret mobile email address for Facebook. And so they claim that you have to hand it over to verify you are a legitimate Facebook user in order to get your T-shirt.
The scammers have even had the gall to make a YouTube video showing how to find the secret email address on the Facebook Mobile page, and where to enter it on their form:
The above video is made by a YouTube user called "vicsthedevil" and we have to assume that they are intimately involved in the scam. They posted the video on 5 September, the same day that they registered the website domain name where they are hosting their scam.
Of course, you're still hoping that you're going to receive a free T-shirt. So you may not baulk at the idea of completing a survey (which, by the way, earns commission for the scammers) and giving them your snail mail details so they can send through your free gift.
Good luck, by the way, on that T-shirt. My hunch is that you won't ever receive one. But the scammers now have the ability to post to your Facebook page and upload pictures to your account, and you have helped them earn some money in the process.
If you were hit by this scam then you must refresh your Facebook mobile upload email address - that way the bad guys you just gave it too won't be able to use it as a secret backdoor into your account.
How to refresh your Facebook Mobile upload email address
Some commenters have asked how do you change your Facebook Mobile upload address. Unfortunately, Facebook has made it somewhat tricky to find this option (maybe that's why the scammers felt they had to make their own explanatory video!).
Visit www.facebook.com/mobile.
Refresh the page until you see an option like that displayed below. You may have to scroll down the page to find it.
You should now see your Facebook Mobile upload address. Beneath it you should also see an option to "Find out more". Click it, and a screen like the following should pop up.
On this page you should find an option to refresh your mobile email address - but note! Facebook warns that you can only refresh it a limited number of times.
If you don't change your mobile email address on Facebook, you're just asking for trouble. In the past, Facebook pages such as that belonging to the Van Gogh Museum have been hit by scammers who abused the mobile upload feature.
It would be great, of course, if there was a way of telling Facebook to not allow any email address to be used for mobile uploads, as I would imagine that many individuals and companies would find the permanent blocking of the feature attractive.
If you're a Facebook user and want to keep up on the latest threats and security news I would recommend you join the Sophos Facebook page - where more than 100,000 people regularly discuss the latest issues.
Follow @gcluley
how do i change my mobile email address on Facebook ?
Go to http://www.facebook.com/mobile/ under your email address click "Learn More" then "refresh your email upload email"
Go to Facebook Mobile ( https://www.facebook.com/mobile ),click on "Find out more" under "Upload via email" and you should find an option to refresh your mobile email address.
I have tried to repost this only to get the following error:
This message contains blocked content that has previously been flagged as abusive or spammy. Let us know (hyperlink) if you think this is an error.
Irony!
Sigh.. Once again, Facebook's security is actually working against it. :(
Facebook won't allow me to share this link. Says it contains stuff that's been flagged as abusive or spammy.
This article doesn't really address how to find or change your mobile email address. I went to Facebook Mobile, but was stopped by not having one of the phones listed. "The webpage tells you to visit Facebook Mobile, and find on that page the personalised email address that you can use to post status updates or upload photos and videos straight to your profile. Many people are probably unaware that such a thing exists - but every Facebook user has a secret mobile email address they can use for this purpose. The important thing, of course, is to keep it secret."
Okay, EVERYONE has one, but clearly, it's also a being kept secret from me. How do I find out what mine is and prevent others from potentially using it?
I've updated the article - hopefully it will be clearer to you now how to find it.
Unfortunately Facebook has made the option difficult to find, and seemingly impossible to link to directly!
Same here. Won't let me share this link.
Interesting,I never bothered to click on the link to find out!
I just copied and pasted the link from the address bar. Some people still seem to lack straight forward thinking sometimes I swear..
Thanks for the tip!
FB scams are getting sneakier.