This morning I was greeted with what looked like a very cool offer from someone that has never reported any type of scam or spam that I can remember. It was also posted directly to my wall. I clicked on the link and a popup that seemed to indicate that I would not have to share any info with the business showed up. Eventually you end up on a site called battlefield3.gamec0de where you have options to download the code for origin, PS3 and Xbox 360. Clicking on any of them brings you to an instruction page they direct you to click on the “Get Access Token Button after you like the original Facebook Page (Free-Gaming-Arena). Clicking on that takes you back to Facebook where you will see it asking for permission to post on your wall including status updates, photos and more. This is the hook and the scam. If you click Allow you have just singed up to be a spammer for this particular site.
So far I have seen well over 100 of posts about this particular scam so I know that many people bought into it. While we can say shame on them for granting this particular app to post on their behalf we also have to say shame on Facebook for even allowing this possibility in the first place. Why on earth is there an option to grant this to developers? We have already reported the site, but it is still going strong as of this writing. This is another example of a socially engineered bit of malware at its finest. Right now the Malware does not do more than turn you into a spammer on Facebook, but this might not always be the case, it is entirely possible to spread other and much more dangerous malware through this system and we fully expect to see this happen in the near future unless Facebook makes some massive changes.
For those that did get caught up with this you can revoke this app’s permissions by going to app center and clicking on my apps. Find the free-gaming-arena app and delete it. You will no longer be a spam bot for them at that point.
Discuss this in our Forum