Free 150 FB Credits? Latest Facebook scam spreads its tentacles wide

Graham Cluley
Graham Cluley
@[email protected]

We’re seeing another wave of the free Facebook credits scam spreading amongst users of the social network.

Facebook Credit messages

Messages reading

One time offer! Win FREE 150 FB credits for your top games NOW! Limited copies left! : [LINK]

Sign up to our free newsletter.
Security news, advice, and tips.

are appearing on users’ Facebook newsfeeds.

Clicking on the links can take you to webpages that encourage you to “act now” to claim your free 150 Facebook credits. (If you’re not a devotee of some of Facebook’s online games you may not realise that Facebook credits are a virtual currency that can be used to purchase virtual goods in many games and applications on the site. You can purchase Facebook Credit gift cards in stores such as Target, Walmart, Best Buy and RadioShack in the USA).

Free Facebook Credits

Free Facebook Credits

Games on Facebook are a big business, meaning that there is a sizeable market for Facebook Credits. As such, it’s not surprising to see scammers use the lure of free Facebook Credits as a lure for unsuspecting users.

If you are tempted to apply for your free credits you are asked to permit a third-party application to have access to your Facebook profile.

Rogue application requests permission

Giving the app permission to access your profile, means that it can access your list of friends, post messages to you wall, and even email you at your private email address, amongst other things.

Hopefully now you’re beginning to see how this could go wrong.

The scammers then present an all-too-familiar CPALead survey, which earns them commission in the form of affiliate money. You will also be asked for your name, full address, telephone number and full date of birth. Is this really the kind of information you should be sharing with complete strangers?


And behind the scenes, the application has been hard at work – posting messages into your newsfeed, hoping to ensnare your Facebook friends into also clicking on the link and spread the scam further virally.

Compromised Facebook newsfeed

Don’t give scams like this the time of day – always think twice before clicking on links, even if they seem to have been shared with you by your online Facebook friends.

In particular, you should always be suspicious whenever a third party application requires to access their profile without a legitimate reason.

If you’ve been hit by a scam like this, remove references to it from your newsfeed, and revoke the right of rogue applications to access your profile via Account/ Privacy Settings/ Applications and Websites.

Revoke application permissions

Don’t forget to spread the word, warning your friends about scams like this and teach them not to trust every link that is placed in front of them. You can learn more about security threats by joining the thriving community on the Sophos Facebook page.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.