With Valentine's Day round the corner, cybercriminals are once again "cashing in" on the commercialization of the event, hoping to scam unsuspecting Facebook users.
A new entry on Sophos' Naked Security blog warned that rogue apps with names such as Valentine's Day and Special Valentine have been making rounds in the social media site, tricking users to involve their friends in the scam.
Senior technology consultant Graham Cluley said the modus operandi of these apps was to get users to click on the splash screen, which would then display a teaser, claiming it would send a poem to the selected friends.
But what the apps are really after, are personal information of users who unknowingly "Allow" them access, warned Cluley. The apps would then post messages on the user's wall, luring his or her friends to complete an online survey which was disguised as a "Facebook Anti-Spam Verification" dialog box. The scammers earn commission for every completed survey.
The security expert also cautioned that in the past, cybercriminals are known to have sent rogue Valentine's Day e-cards to spread virus on computers, hence called for users not to let their guard down.
Cheap spam tool
Separately, Symantec engineers have detected a popular viral Facebook application toolkit known as NeoApp that allows one to create applications for the social network. The toolkit guides the 'developer' to, for example, place links to funny videos and where to put the survey links in order to maximize cashback.
Once a user installs the applications created with the toolkit, the cybercriminal can send messages to unsuspecting users and friends through statistic pages and easy-to-use templates, the security vendor warned in a blog post.
With the app priced at US$50 or less, it "pretty much allows anyone, even those without coding skills, to create a fast-spreading viral message on Facebook", Symantec's Candid Wueest said.
According to him, the app will also have access to affected user's private data, such as personal e-mail address, and "administrators" controlling the app will be able to send convincing spam mail.
Wuesst added that the app itself and what it does are against the usage policy of Facebook.
He advised that there is no need to install an application just to see images, and users of the social media site should always excercise vigilance when an app requests access to personal information.