A few days ago, we encountered the teen celebrity Facebook survey scam. This scam appears on your wall when any of your friends click a link. Several appeared on my wall a few days ago. The scam is discussed in good detail by Graham Cluley on nakedsecurity.sophos.com. This scam has been around since last fall. According to another related article, the photo was one of several stolen when a computer on which the teen celebrity had private information was hacked.
You should be able to click the link and, in the App Permissions dialog box that opens, refuse to let the app have at your private data. Contrary to the information on Sophos, the scam now DOES NOT go through the Application Permissions dialog; it has circumvented it and branches off to another web page. We initially reported the spam to Facebook with the link under the X button that appears in the upper right corner of every post when your mouse passes over the post. Looking at the source code for the post led us to ping a particular URL, which showed us that the scam was running from a server farm in Dallas, Texas, which shall remain unnamed for now, as they have finally started to cooperate in shutting down this scam instead of facilitating it.
We take extreme exception to the fact that they still refuse to block a picture of the 15-year-old girl wearing only her panties about her hips, especially when the security staff of that hosting company admitted that they knew that the picture was pirated intellectual property. We feel that this puts that hosting company in the position of receiving stolen property. Tests today revealed that this hosting company has finally blocked the scammers to some degree. They moved to another IP on the same hosting company, but that got blocked also, so maybe the scammers will be forced to move to another hosting company, and another, and another.
HOWEVER, I have now found a way that DOES shut it all down, the criminals cannot get around it, and all it requires is the participation of you, the Facebook customer.
So be sure, be cynical, and practice safe software.