Facebook is being deluged with messages claiming that users have received free iPhones, and inviting others to participate in a scheme to receive a free Apple smartphone for themselves.
However, the messages are being sent by a brace of rogue applications that users are allowing to access their profiles, and post messages to their walls, without considering the consequences.
Many of the messages read:
Just testing Facebook for iPhone out :P Received my free iPhone today, so happy lol.. If anyone else wants one go here: <link>
Anyone want my old phone? Claimed my free iPhone today, so happy lol.. If anyone else wants one go here: <link>
With iPhones so desirable, it's no surprise that some people might want to take advantage of an apparent short cut to a free one of their own - but what actually happens if you click on the link?
Your first port of call is the application's page, which displays a large image of an iPhone 4, alongside a message which reads:
Click here for your FREE iPhone 4!
There are a number of rogue applications being used in the scam, using names such as "Safari for iPhone", "iWant", "iPhone application", "Mobile Networking" and "iSocialNetwork".
The applications need your permission to access your personal information (and to post to your Facebook wall), but seeing as you want a free iPhone 4 - maybe you're prepared to say "Allow" to that?
"Well done!" declares the rogue Facebook application, delighted that you have fallen for its trick, before directing you to a webpage which will earn commission for the spammers.
And will you ever receive a free iPhone 4? Well, I wouldn't hold your breath. And in the meantime you might find that your Facebook account begins to spam out messages encouraging others to take up the "offer".
If you are one of the many Facebook users who has fallen for this scam, my advice would be to check your privacy and application settings and remove references to the rogue application before it can cause any more trouble.
The lesson is clear. Learn to think before you "like" and "share" suspicious pages on Facebook, or before you allow unknown applications to gain access to your Facebook profile.If you want to learn more about security threats on the social network and elsewhere on the internet, join the Sophos Facebook page.