As the end of the National Basketball Association (NBA) season approaches, security researchers are warning Facebook users about a spam campaign thriving off of mounting interest in the final games.
Satnam Narang, a security response manager at Symantec, started to see on Sunday a malicious campaign consisting of messages falsely advertising free streaming videos of this week's live finals.
The spam also includes a link to a Tumblr page hosting the “live streams,” where users are instead asked to install a Facebook application called “NBAFinals.” This app asks users to access their Facebook profile information, including their friends list and email address – and even posts messages on their timeline, further spreading the spam.
Scammers make money from the campaign by redirecting users from the Tumblr page to a plugin install page where affiliate advertisers track traffic.
According to Symantec, Tumblr has removed the pages used in the scams. The security firm also reported the campaign to Facebook.