Finally got that iPad? Facebook users hit by ‘via mobile web’ spam

We’re seeing a growing number of Facebook accounts that appear to have been compromised by spammers, with messages posted claiming that the user has received a free Apple iPad.

Finally got my iPad scam on Facebook

Messages include:

Finally got my iPad from that site!
5 days ago I signed up at [LINK] as a tester and today I got my iPad. All you need to do is to tell them your opinion about iPad and you can keep it forever. You should hurry since i highly doubt this is gonna last forever.

Sign up to our free newsletter.
Security news, advice, and tips.

or

I finally got that ipad I ordered at [LINK] as a product reviewer and today received it in my mailbox. All you need to do is tell the site your opinion about ipad and then u can keep it forever. You should be quick because I doubt this will last forever.

As the world is widely anticipating that Apple will announce the iPad 2 in San Francisco today, it’s likely that there are plenty of people who would be interested in testing the popular tablet computer – especially if there is the possibility of receiving a free one!

Clicking on the links, however, is unlikely to bring you to a genuine webpage offering you a free iPad. Instead, when I tried the links, I was taken to a site asking me to hand over my credentials to an affiliate rewards program, giving me the “opportunity” to earn extra cash by taking surveys.

In other words, these messages are spam – and were not posted knowingly by the owners of the affected Facebook accounts.

What’s interesting about the messages is that many of them appear to have been posted via the mobile version of Facebook’s website (marked as “via mobile web”), that is most often used when people access the site via their cellphones.

It isn’t clear to me whether these accounts have fallen victim to phishing attacks, or if a specific weakness is being exploited in Facebook’s mobile interface, but it would seem to me to be sensible for affected users to scan their computers for security problems and change their Facebook passwords.

In addition, make sure that your privacy settings are properly secured by checking out our best practices for better privacy and security on Facebook guide.

Make sure that you keep informed about the latest scams spreading fast across Facebook, and other internet attacks. Join the Sophos page on Facebook, where over 100,000 people regularly share information on threats and discuss the latest security news.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.