Finally got that iPad? Facebook users hit by ‘via mobile web’ spam

We’re seeing a growing number of Facebook accounts that appear to have been compromised by spammers, with messages posted claiming that the user has received a free Apple iPad.

Finally got my iPad scam on Facebook

Messages include:

Finally got my iPad from that site!
5 days ago I signed up at [LINK] as a tester and today I got my iPad. All you need to do is to tell them your opinion about iPad and you can keep it forever. You should hurry since i highly doubt this is gonna last forever.

or

I finally got that ipad I ordered at [LINK] as a product reviewer and today received it in my mailbox. All you need to do is tell the site your opinion about ipad and then u can keep it forever. You should be quick because I doubt this will last forever.

As the world is widely anticipating that Apple will announce the iPad 2 in San Francisco today, it’s likely that there are plenty of people who would be interested in testing the popular tablet computer – especially if there is the possibility of receiving a free one!

Clicking on the links, however, is unlikely to bring you to a genuine webpage offering you a free iPad. Instead, when I tried the links, I was taken to a site asking me to hand over my credentials to an affiliate rewards program, giving me the “opportunity” to earn extra cash by taking surveys.

In other words, these messages are spam – and were not posted knowingly by the owners of the affected Facebook accounts.

What’s interesting about the messages is that many of them appear to have been posted via the mobile version of Facebook’s website (marked as “via mobile web”), that is most often used when people access the site via their cellphones.

It isn’t clear to me whether these accounts have fallen victim to phishing attacks, or if a specific weakness is being exploited in Facebook’s mobile interface, but it would seem to me to be sensible for affected users to scan their computers for security problems and change their Facebook passwords.

In addition, make sure that your privacy settings are properly secured by checking out our best practices for better privacy and security on Facebook guide.

Make sure that you keep informed about the latest scams spreading fast across Facebook, and other internet attacks. Join the Sophos page on Facebook, where over 100,000 people regularly share information on threats and discuss the latest security news.

Found this article interesting? Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the exclusive content we post.


Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.