According to media reports, Australian Google employee Karina Wells received a message on the social networking site that appeared to come from one of her friends. Claiming to be stranded in Nigeria, the fake friend asked for money for a ticket home.
Wells apparently realised the message was fake because the scammer used "cell phone" instead of "mobile phone." She reported the message and the fraudster's wire transfer details to Facebook.
In a blog post, Graham Cluley of security firm Sophos said this "is just the latest skirmish in an ongoing battle taking place between cybercriminals and Facebook users. We're seeing more incidents of unwanted adverts and malicious links being spammed to Facebook users from their friends' compromised accounts."
He added that scammers like using social networking sites because the fraudulent messages are more likely to get past junk mail filters and land in accounts, as they come from valid IP addresses and feature valid header information.
A spokesman from Facebook told IT PRO: "Only a small percentage of Facebook users have been affected by recent attacks. We are updating our security systems to minimize further impact, including resetting passwords on infected accounts and clearing out malicious content."
He added that more details on keeping safe on Facebook were available at the site's security page.