Hoax-Slayer has spotted an ongoing Facebook campaign that combines a well-known (but obviously still effective) lure and a trick that has been around for a good while, but not very lately.
The lure is a fake Facebook Profile Viewer app, and the scammers are impersonating the social network and are trying to convince users that they are now required to show them who has been viewing their profile:
But in order to be allowed to install the app, the users are told they must generate an "age verification code." Unfortunately, the instructions lead to them sharing their Facebook authentication token with the scammers, who then misuse it to gain temporary access to the victims' accounts and use it to spread more of the same scam messages on Facebook.
The victims are also urged to complete several online surveys in order to get access to the app.
"Some of the 'survey' pages ask users to provide personal information including name, address and contact details. Others invite them to download dubious toolbars, games or software. Still others will claim that users must provide their mobile phone number - thereby subscribing to absurdly expensive text messaging services - in order to proceed. In reality, the profile viewer app does not exist," warns Hoax-Slayer. "No matter how many times victims 'verify' their age or how many surveys they participate in, they will never get to see who has viewed their profile."
This type of scam is just one of the many regularly recycled on Facebook. If you want to know more about the others - and how to avoid them - I suggest you check out this piece I wrote earlier this year.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.