We've seen a number of phishing attempts targeting users of Facebook, and just like the campaign we've seen in February last year, the scammers have used the Apps feature. The pages you're about to see below originated from one account, specifically:
[gallery type="slideshow" ids="8543,8544,8545,8546,8548"]
These phishing pages range from securing one's Facebook account, to changing its colour, to grabbing a thousand or more friends—a lure that we've see used over and over again in other social sites like Twitter and Instagram.
Anyone online can end up on these dodgy app pages as whoever is behind these individual campaigns have made it a point to widen his/her net, in the hopes of catching a lot. Some of the methods we've seen him/her use are email, social media posts, Pastebin entries, and gaming forums to name a few.
[gallery type="slideshow" ids="8537,8538,8539,8540,8541"]
If you have come across any of the Facebook app pages we've shown above and, thinking they're real, given up your credentials, please update your password immediately. You may also want to familiarize yourself and take advantage of Facebook's two-factor authentication for added security for your account.
Lastly, we suggest you follow the Facebook Security page for announcements related to security within the network and our official Malwarebytes Facebook page for the latest company news and posts on in-the-wild threats.
As for the rest of us, please refrain from visiting these phishing pages and clicking spammy posts on public sites.
We have already reported the aforementioned App profile to Facebook
Other important links: