"Facebook scams are getting sneakier and sneakier - with the latest attack using the lure of a free T-shirt celebrating Facebook's birthday in an attempt to steal the secret backdoor key to your account.

The offer seems attractive enough - a webpage claiming to celebrate Facebook's 7th birthday, saying that it has over 1.9 million official T-shirts in stock.

All you have to do is verify that you are a Facebook user, claims the following webpage. And this is where things get very sneaky.

The webpage tells you to visit Facebook Mobile, and find on that page the personalised email address that you can use to post status updates or upload photos and videos straight to your profile.

Many people are probably unaware that such a thing exists - but every Facebook user has a secret mobile email address they can use for this purpose.

The important thing, of course, is to keep it secret. Because if someone else finds it out, they'll be able to post status messages to your Facebook page or upload videos and photos to your wall - which your friends will be able to see.

The scammers, unsurprisingly, want your secret mobile email address for Facebook. And so they claim that you have to hand it over to verify you are a legitimate Facebook user in order to get your T-shirt.

The scammers have even had the gall to make a YouTube video showing how to find the secret email address on the Facebook Mobile page, and where to enter it on their form:
[Embedded YouTube video]

The above video is made by a YouTube user called "vicsthedevil" and we have to assume that they are intimately involved in the scam. They posted the video on 5 September, the same day that they registered the website domain name where they are hosting their scam.

Of course, you're still hoping that you're going to receive a free T-shirt. So you may not baulk at the idea of completing a survey (which, by the way, earns commission for the scammers) and giving them your snail mail details so they can send through your free gift.

Good luck, by the way, on that T-shirt. My hunch is that you won't ever receive one. But the scammers now have the ability to post to your Facebook page and upload pictures to your account, and you have helped them earn some money in the process."
Facebook birthday T-shirt scam steals secret mobile email addresses | Naked Security

Refer also to Sophos's Facebook page.