Birthdays, anniversaries, 9/11 memorials — no matter what you're commemorating, Facebook scammers will be right there, looking for a way to do their worst.
In this case, con artists are using the promise of a free birthday T-shirt to worm their way into your Facebook account.
Spotted by researchers at the security firm Sophos, the new hoax comes in the form of a genuine-looking Web page celebrating Facebook's seventh birthday. The page shows the number "7" with a candle atop it, and all you have to do to redeem "your official T-Shirt" and join the party is to — you guessed it — "Click Here."
The scam gets more intricate from this point on. The next page, called "Facebook Verification Process," instructs users to open their secret Facebook Mobile page at www.facebook.com/mobile and copy their "Secondary ID" — a nine-digit, case-sensitive email address that ends with @m.facebook.com — into their browser.
Every user has a Facebook Mobile page allowing them to post content to their profile from their mobile phone, Sophos' senior technology consultant Graham Cluley explained.
"The most important thing, of course, is to keep it secret," Cluley wrote. "Because if someone else finds it out, they'll be able to post status messages to your Facebook friends or upload videos and photos to your wall — which your friends will be able to see."
While that's certainly not as damaging as other recent Facebook scams capable of crippling users' computers, it could be a huge hassle if someone had an unfettered ability to post to your profile in your name.
To ensure you fall right into their hands, the people behind this scam even made a YouTube tutorial instructing would-be victims on how to find their mobile ID.
Sophos said that if you already were suckered in by this scam, "you must refresh your Facebook Mobile upload email address" to prevent the scammers from using it to access your account.
Because Facebook is such a hotbed for cybercrime, it's important to exercise good judgment and be suspicious of any "free" or "exclusive" offers; more likely than not, they are ploys to get you to hand over your account details.