A local security expert is dumbfounded by the ease with which a fake Twilight: Breaking Dawn game application has spread across Facebook, and has warned Australians to be less trusting when it comes to approving applications on the social networking site.
Sophos Asia Pacific head of technology, Paul Ducklin, told Computerworld Australia that the scam presents an image from Twilight and entices the user to click a 'play now' button. However, hiding behind the button is a 'like' link, which spreads a rogue application virally across Facebook.
The scam continues with users presented with a dialogue box, asking them to grant permission for a third-party application to access their account and post messages, updates and photos to their wall.
"Having gained the ability to post to your Facebook account, the scammers then present the final piece of the jigsaw: An online survey which earns them affiliate commission for each person who completes the questionnaire," Ducklin said.
The survey encourages people to complete it with the chance to win a flat-screen TV, first-generation iPad or MacBook.
"The other problem is that people go into the surveys assuming that there is no risk," Ducklin said.
"They may think 'I'll put in some bogus data and I might win an iPad, what the hell', but with those surveys you have to give some legitimate information, such as an email, if you suspect you might win.
"So you'll probably expect to get a whole lot of unwanted emails to that account."
Ducklin also warned that cyber criminals could come back later with the application and mine the user's Facebook account or post information to their friends.
The Twilight example highlighted research conducted by Sophos a year ago, which revealed some Australians were still not very savvy when it came to Facebook scams.
"We first conducted research in the United Kingdom in 2007, where we sent out 200 friend requests asking people if they wanted to be friends with a plastic frog," Ducklin said. "About 45 per cent of the people clicked yes.
"We repeated the experiment at the end of 2009 in Australia, which involved sending out friend requests from a duck and a cat.
"Unfortunately, the research came back with worse results than the UK market."
He advised Facebook users to check which applications they have approved to access their account.
"People should remove any that they are not absolutely certain about," Ducklin said.
Follow Hamish Barwick on Twitter: @HamishBarwick