There’s a great writeup on the Bobijou phishing scam over at Purple Car.

This scam popped up on Facebook this week. I saw it on my profile this morning. The scam looks harmless enough. A friend of yours has posted what appears to be a video of a laughing baby on your Facebook Wall. Clicking the link will trigger most modern browsers to throw up a phishing site warning.

Do not click on this link! Simply delete the post. Your friend is not a spammer. Their account was likely highjacked. Be a good friend. Tell them their account has been highjacked and encourage them to change their password, log out and back in under the new password.

TIP: Many of these scams originate in Eastern Europe and English is not their first language, hence the poor grammar and occasional misspellings.

Two weeks ago, a particularly nasty scam made the rounds on Facebook and according to sources, has not been stopped by Facebook yet. It’s called, “WOW IT WORKS” and is delivered via Facebook’s Events app.

I myself, was hit by it on my own Facebook page. I hadn’t been on the page all day but started receiving dozens of texts from friends that I was spamming them.

Here’s how the scam seems to work:

1. A victim (in this case, me) is randomly chosen from Facebook. Well, not quite randomly. It seemed to target members with more than 1,000 friends.
2. The victim’s name is added to the WOW IT WORKS app as a creator on Facebook’s Developer section.
3. The victim’s name is used to send out an invite to a fake event called WOW IT WORKS. The invite is sent to all of the victim’s friends; in my case, over 1,300 people received the scam invite.
4. The victim’s name is shown on the event as “attending”.
5. The event location is a short URL to a scam Web site that will infect the user’s machine with malware.

TIP: Always check the link and reviews of any app before adding it. If an app has thousands of players, but only a few fans, or hundreds of negative reviews, it’s a scam. It did not come from your friend. Your friend’s account was either unknowingly compromised, or they were tricked by it as well.

 

Have you seen this scam on Facebook? How did you react?

A strange email scam is making the rounds. It appears to be coming from Evite.com, but none of the recipients know the sender. Sounds like it could just be a case of mistaken identity, but there’s more to it. People who have received the emails have received several in a row, each one addressed to a different person about a different event. The links go to a 404 error page not run by Evite.com.

We’ve only heard of small numbers of people receiving this and no damage has been reported, but we’re keeping our eyes on this one.

Another click-jacking scam has surfaced on Facebook. Click-jacking scams like this are getting more clever and harder to detect each week. Unlike the previous farmville cash scam, this one is bold enough to use the copyrighted name and graphics. This makes it all the more insidious as thousands of FarmVille players will unknowingly click on this, assuming it to be legitimate.

Here’s the attribute to watch out for:

1. Despite the proper spelling and artwork this time, the scammers still gave a huge clue: FarmVille has a capital ‘F’ and ‘V’. Their version is all lowercase.
2. No logo on the “Allow Access” screen
3. Hundreds of negative reviews, but only two fans.
4. The “Allow Access” screen says that farmville is for “Sending buildings to friends.” Since when?

TIP: Always check the link and reviews of any app before adding it. If an app has thousands of players, but only a few fans, or hundreds of negative reviews, it’s a scam. It did not come from your friend. Your friend’s account was either unknowingly compromised, or they were tricked by it as well.