Take for example a recently uncovered bogus Facebook account hacking service targeting French-speaking users.
According to Joshua Long, the crooks behind the scheme have been dropping links to the website allegedly hosting the service all over the Internet, including in comments on popular blogs.
Users who fall for the scheme land on the website that first offers account hacking, then an account recovery service, and finally a Facebook penetration testing tool - all on the same page.
In order to use any of these services, the users are urged to sign up and log in, and the crooks are probably betting on the fact that many users recycle their login credentials time and time again.
In addition to this, the victims are asked to pay for the service by sending two SMS messages to what seems to be a premium service number. Long discovered that each SMS cost the victim €4.50, and the other problem is that the crooks now know their cell phone number which will surely be added to a spam list.
"So the moral of the story is that you should never trust sites that claim to let you hack into someone’s account (or, for that matter, any sites that are advertised via spam)," he points out.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.