Facebook Data Theft Scam Targets Whole Foods Fans

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  
The latest malware trap on the popular social networking site promises a $500 gift card to the upscale grocery store. But all you really get is your personal data exposed.

Facebook and Whole Foods Market are scrambling to prevent fans of the upscale grocery chain from falling for yet another malware ruse on the popular social networking site.

First discovered Thursday, the scam purports to offer a free $500 gift card to the Austin, Texas-based grocery chain and has been spreading virally through Facebook's "fan pages," infecting an unknown number of users' PCs and mobile devices.

The bogus gift card offer has exploded throughout Facebook's "fan pages," conning users into filling out a credit assessment form that exposes the gift-card seeker's personal information before crashing their computers.

Security software developer Sophos, which earlier this year issued a reporting calling social networking sites like Facebook and Twitter the most serious security risks to enterprise data, said this latest scam serves the dual purpose of eliciting personal information and creating a never-ending supply of new marks.

"It's becoming far too easy for fraudsters to create bogus pages on Facebook claiming to present companies or individuals," Graham Cluley, a senior technology consultant at Sophos, wrote in a blog posting.

"Even though it's against Facebook's terms and conditions to do this, the onus is on individual users to report suspicious pages rather than for page creators to prove their credentials at the point of creation," he added.

Facebook is advising users to follow the security recommendations found on its security page.

Whole Foods meanwhile is using both its legitimate Facebook page and its twitter account to eliminate any confusion and warn customers of the fast-spreading malware hoax.

"Please be wary of Facebook Pages offering you $500 Whole Foods Gift Cards," the company advised on its Facebook page. "We only run giveaways and promotions on this Facebook Page and our stores' Pages."

Earlier this month, Facebook was targeted by phishing agent stashed inside an unsolicited e-mail that tricked users into resetting their usernames and passwords.

The attachment featured a password stealer that made available any and all online usernames and passwords stored on the user's computer or mobile device.

Sophos' February report found that 72 percent of more than 500 companies surveyed said they think social networking sites like Facebook and Twitter pose serious risks to their data.

Sixty percent of respondents said Facebook was their most feared social networking sites, followed by MySpace at 18 percent, Twitter at 17 percent and LinkedIn at 4 percent.

Larry Barrett is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.