Facebook users are obvious targets because not only can they fall for such a scheme, but they can also easily be tricked into sharing it with their friends.
The latest of this scams starts with a message saying "Hey friends, I got a $1000 Gift Card from WALMART asa Christmas Gift! Get it right away! [LINK REMOVED]".
According to Facecrooks, those who follow the link land on a page reiterating the gift card offer and enumerating the steps they have to go through in order to be eligible for the offer:
If they do it, they effectively provide their authentication tokens to the scammers. Also, once they log into Facebook, they are asked to install a bogus app called "My Local Walmart".
The app's access to their account is then used to push out to their friends the aforementioned message, which starts the whole malicious cycle once again.
Users who have fallen for the scheme are advised to delete the offending message from their newsfeed and remove the bogus app from their account.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.