Facebook users are obvious targets because not only can they fall for such a scheme, but they can also easily be tricked into sharing it with their friends.
The latest of this scams starts with a message saying "Hey friends, I got a $1000 Gift Card from WALMART asa Christmas Gift! Get it right away! [LINK REMOVED]".
According to Facecrooks, those who follow the link land on a page reiterating the gift card offer and enumerating the steps they have to go through in order to be eligible for the offer:
If they do it, they effectively provide their authentication tokens to the scammers. Also, once they log into Facebook, they are asked to install a bogus app called "My Local Walmart".
The app's access to their account is then used to push out to their friends the aforementioned message, which starts the whole malicious cycle once again.
Users who have fallen for the scheme are advised to delete the offending message from their newsfeed and remove the bogus app from their account.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.