Users of Facebook may see updates in their friends’ feeds about a new Twilight game for Facebook. The link opens a believable splash page for a Twilight game. However, when the user clicks the “Play Now” button, the click-jack occurs: the user has inadvertently “Liked” the original link and spread the click-jacking link to their friends.
The second part of the scam involves getting access to your account. After the user clicks “Play Now”, the supposed game asks for permission to access basic information and to post to the user’s wall. Since this is standard practice for most Facebook games, many people allow the application to have access to their account. The scammers can now post many updates to the user’s friends via their Facebook wall.
The third part of the scam is intended to make money for the scammers. After allowing the application to have access to your account, the application asks you to verify yourself by completing an online survey.
Due to the three-part nature of the scam, there are several steps required to remove it from your Facebook account:
- Remove the scam’s Facebook page from your “Liked” pages.
- Remove the application from your approved applications.
- Remove all of the posts from your wall.
Online survey scams are frequently seen on Facebook these days, since it’s a quick way for the scammers to make money from the virality of the scam. They’re usually coupled with a Facebook application which makes the scam look more legitimate.
Security threats via click-jacking are also becoming more frequent on Facebook: many people don’t protect themselves against script-based hacks, and users who have been affected accidentally spread the click-jacking link very quickly throughout their network of friends on Facebook.