Facebook users are being targeted by a rather unusual scam, warns Sophos.

This one lures them in with the offer of a free official Facebook T-shirt as a way to celebrate the social network's 7th birthday.

To get the T-shirt, the user is first required to "Like" the offer, and then to copy his Secondary ID into the offered box and sign up for the offer:


Now, most users have never heard of a "secondary ID". It is, in fact, a mobile email address unique to the user, and every email sent to it results in a status update of the user's profile.

You can already spot the problem, can't you? The scammers are going to misuse it to update the user's status with messages, photos or videos that suit their agenda - or that of the highest bidder.

Given that most users are unaware of this feature, it's easy to assume that many won't think twice about sharing the "secondary ID". In order to expedite the process, the scammers have "helpfully" written down the steps for finding it and have even made a video demonstrating how to do it.

According to Sophos, the video - hosted on YouTube - has been posted on the 5th of September, the same day that the domain hosting the scam has been registered.

But, the scammers are not content with this, and try to make the user work for them and answer a survey. In the end, they also ask for the user's home address - ostensibly to deliver the T-shirt, but actually only to get that information in order to sell it to other spammers or fraudsters.

For those users who have fallen for the scam, there is only one thing to do: reset the upload email.

In order to do that, they must log into their Facebook account, go to Account Settings, then click on the Mobile tag. A click on the "Learn more about using Facebook on your phone at Facebook Mobile" link will take them to the page from which the scammers wanted them to copy their upload email.

To reset it, they must click on "Find out more", and finally, on the "Refresh your upload email" link.