Free iPhone rogue applications run riot on Facebook, warns Sophos

Sophos Press Release

Offer of a "free iPhone" tempts Facebook users into allowing access to their profiles

IT security and data protection firm Sophos is warning Facebook users about messages currently circulating on the social network claiming that friends have received free iPhones. These messages, which have been spreading widely since Sunday, invite others to participate in the scheme. However, the messages are being sent by rogue applications that users have allowed to access their profiles and post messages to their walls.

Messages appear as status updates and many read:

Just testing Facebook for iPhone out :P Received my free iPhone today, so happy lol... If anyone else wants one go here: <LINK>

Or:

Anyone want my old phone? Claimed my free iPhone today, so happy lol... If anyone else wants one go here: <LINK>

Facebook users who click on the link advertised by their friends are then asked if they want to "Allow" this application to access their basic information. Participants who allow this are then redirected to a webpage which will earn commission for the spammers behind the scam.

iPhone rogue application on Facebook

"If you've fallen for this trick, I wouldn't hold your breath waiting for a new iPhone," said Graham Cluley, senior technology consultant at Sophos. "Facebook users need to learn to think before they 'like' and 'share' suspicious pages on Facebook. Just because something appears on a friend's wall, it doesn't mean that it is from a reliable source, and by giving unknown applications access to your Facebook page, you could unknowingly continue to help to spread scams and earn cash for the spammers."

Impacted users should delete references to the free iPhone scam from their wall, and remove the offending application from Account/Application Settings.

More information about the attack can be found on Graham Cluley's blog.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at www.sophos.com/company.