‘Claimed my free iPhone’ spam swamps Facebook

Scammers continue to make a mockery of Facebook security, with social networking accounts being abused to spread messages about “free” iPhones.

Claimed my free iPhone

Claimed my free iPhone today, so happy lol... If anyone else wants one go here <LINK>

The messages have been appearing on the site for at least the last 12 hours, and are showing no signs of respite. And they’re just the latest incarnation of an attack that we have seen successfully impacting the site since the weekend.

If you do click on the link you will be taken to a “make money fast” website.

Make money fast website

Sorry folks, there’s no indication that you’re going to get a free iPhone – but it sure was an effective way to make you click.

Interestingly, this latest batch of messages are say they were posted “via Email”. That’s the facility Facebook supplies to post status updates to your Facebook page remotely, just by sending an email to a unique address (every Facebook account has a specific email address for this purpose).

Upload email

Is it possible that the facility has been compromised, and scammers have found a way to update folks’ statuses just by sending an email message directly to their walls? Or have the cybercriminals managed to get their paws on a database of upload email addresses through which they they can now relay their spam messages?

Learn to think before you click on links on Facebook, if something sounds too good to be true, it probably is. If you want to learn more about security threats on the social network and elsewhere on the internet, join the Sophos Facebook page.