Facebook scams are getting sneakier and sneakier - with the latest attack using the lure of a free T-shirt celebrating Facebook's birthday in an attempt to steal the secret backdoor key to your account.
The offer seems attractive enough - a webpage claiming to celebrate Facebook's 7th birthday, saying that it has over 1.9 million official T-shirts in stock.
All you have to do is verify that you are a Facebook user, claims the following webpage. And this is where things get very sneaky.
The webpage tells you to visit Facebook Mobile, and find on that page the personalised email address that you can use to post status updates or upload photos and videos straight to your profile.
Many people are probably unaware that such a thing exists - but every Facebook user has a secret mobile email address they can use for this purpose.
The important thing, of course, is to keep it secret. Because if someone else finds it out, they'll be able to post status messages to your Facebook page or upload videos and photos to your wall - which your friends will be able to see.
The scammers, unsurprisingly, want your secret mobile email address for Facebook. And so they claim that you have to hand it over to verify you are a legitimate Facebook user in order to get your T-shirt.
The scammers have even had the gall to make a YouTube video showing how to find the secret email address on the Facebook Mobile page, and where to enter it on their form:
Of course, you're still hoping that you're going to receive a free T-shirt. So you may not baulk at the idea of completing a survey (which, by the way, earns commission for the scammers) and giving them your snail mail details so they can send through your free gift.
Good luck, by the way, on that T-shirt. My hunch is that you won't ever receive one. But the scammers now have the ability to post to your Facebook page and upload pictures to your account, and you have helped them earn some money in the process.
If you were hit by this scam then you must refresh your Facebook mobile upload email address - that way the bad guys you just gave it too won't be able to use it as a secret backdoor into your account.
If you don't change your mobile email address on Facebook, you're just asking for trouble. In the past, Facebook pages such as that belonging to the Van Gogh Museum have been hit by scammers who abused the mobile upload feature.
It would be great, of course, if there was a way of telling Facebook to not allow any email address to be used for mobile uploads, as I would imagine that many individuals and companies would find the permanent blocking of the feature attractive.
If you're a Facebook user and want to keep up on the latest threats and security news I would recommend you join the Sophos Facebook page - where more than 100,000 people regularly discuss the latest issues.
nb : nakedsecurity.sophos
Tidak ada komentar:
Posting Komentar