While they are on Facebook they are being asked to click on what looks like a link to news entitled "First Exposure: iPhone 5."
The link points to a web address which promises to tell you the latest news about the coming shiny iPhone 5 and points you to a Web address of "greatlakesnews.info."
However clicking on the link takes you to a different Web page, which provides a captcha window where you're asked to verify a word, with the idea of confirming you are not a bot.
This should be a big red flag to the user. Why would a news site care if you were a machine or not? However it seems that the scam depends on the fact that Apple users are used to being told what to do.
They fill in the captcha and a message is posted to their Facebook stream notifying all their friends that they commented on the item and providing them with the bogus iPhone 5 link.
Then you're asked to choose from a list of items that then lead to one of those stupid surveys for a marketing outfit.
In the world of security it is called clickjacking, but the Apple fanboy who told us about it does not see it as a problem with his shiny gadget. He said that the problem would effect a Windows phone just as easily as his Jobs' Mob toy, although he admitted that a Microsoft fanboy probably would not have been dumb enough to be lured to a site with the promise of iPhone 5 information.
Our tame fanboy denied it was a security flaw, after all only Microsoft suffers from those. It looks like the clickjackers have worked out that the biggest security hole in Apple gear is the users themselves.