‘Claimed my free iPhone’ spam swamps Facebook

Graham Cluley
Graham Cluley
@[email protected]

Scammers continue to make a mockery of Facebook security, with social networking accounts being abused to spread messages about “free” iPhones.

Claimed my free iPhone

Claimed my free iPhone today, so happy lol... If anyone else wants one go here <LINK>

The messages have been appearing on the site for at least the last 12 hours, and are showing no signs of respite. And they’re just the latest incarnation of an attack that we have seen successfully impacting the site since the weekend.

Sign up to our free newsletter.
Security news, advice, and tips.

If you do click on the link you will be taken to a “make money fast” website.

Make money fast website

Sorry folks, there’s no indication that you’re going to get a free iPhone – but it sure was an effective way to make you click.

Interestingly, this latest batch of messages are say they were posted “via Email”. That’s the facility Facebook supplies to post status updates to your Facebook page remotely, just by sending an email to a unique address (every Facebook account has a specific email address for this purpose).

Upload email

Is it possible that the facility has been compromised, and scammers have found a way to update folks’ statuses just by sending an email message directly to their walls? Or have the cybercriminals managed to get their paws on a database of upload email addresses through which they they can now relay their spam messages?

Learn to think before you click on links on Facebook, if something sounds too good to be true, it probably is. If you want to learn more about security threats on the social network and elsewhere on the internet, join the Sophos Facebook page.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.