"hey, i just made a photoshop of you, check it out :P: bit.ly/LINK" says in the message that the victims receive from a friend.
The link takes them to a rogue Facebook application - named ‘millium’ - that asks them to give it access to their basic account information (name, profile picture, gender, list of friends, etc.) and to Facebook Chat.
"This scam is spreading rapidly," says M86 researchers. "Over 88,000 clicks per hour, currently sitting at over 500,000 clicks today."
Access to Facebook Chat is the reason why this rogue app is spreading so fast. Once the user installs it, it sends the same message to his family and friends, and redirects the user to a site that looks like this:
A click on the image redirects the user to a blog about graphic design that shows 5 Photoshop manipulations, but neither of them is a photo of the user.
"At this point, we do not know what the end game is for the scammers here. The destination site results in no malicious infection and does not lead to a survey scam. Having access to a users’ Facebook Chat could allow the scam application to be used to send out other messages," explain the researchers, and advise anyone who has fallen for the scam to remove the application from their profile and warn their family and friends to do the same.