These messages, which have been spreading widely since Sunday, invite others to participate in the scheme. However, they are being sent by rogue applications that users have allowed to access their profiles and post messages to their walls.
Messages appear as status updates and many read:
“Just testing Facebook for iPhone out :P Received my free iPhone today, so happy lol... If anyone else wants one go here: ”
“Anyone want my old phone? Claimed my free iPhone today, so happy lol... If anyone else wants one go here: ”
Facebook users who click on the link advertised by their friends are then asked if they want to “Allow” this application to access their basic information. Participants who allow this are then redirected to a web page which will earn commission for the spammers behind the scam.
“If you’ve fallen for this trick, I wouldn’t hold your breath waiting for a new iPhone,” said Graham Cluley, senior technology consultant at Sophos. “Facebook users need to learn to think before they ‘like’ and ‘share’ suspicious pages on Facebook. Just because something appears on a friend’s wall, it doesn’t mean that it is from a reliable source, and by giving unknown applications access to your Facebook page, you could unknowingly continue to help to spread scams and earn cash for the spammers.”
Impacted users should delete references to the free iPhone scam from their wall, and remove the offending application from Account/Application Settings.