Facebook has removed an app called "Verify Your Account" that attempted to trick people by posing as an official Facebook message.
"This app has been disabled," a Facebook spokeswoman confirmed via email. "We take action against apps that violate our platform policies as laid out here: https://developers.facebook.com/policy/, in order to maintain a trustworthy experience for users."
A colleague got a notification from a friend that said "(Friend's name) sent you a request in Verify Your Account." When he clicked the link a window popped up purporting to be from Facebook that warned users that their accounts would be terminated unless they verified them before June 20 to avoid scams "under the SOPA" -- aka the Stop Online Piracy Act, a proposed measure that has nothing to do with online privacy or accounts on Facebook, and which is also going nowhere in Congress.
A friend of my colleague had unwittingly distributed the spam link after clicking on the "Verify Your Account" button and then clicking another button that he said appeared under a list of his Facebook contacts. By clicking the buttons he had inadvertently given the app permission to access his account and spread the spam message to all of his contacts.
I asked the Facebook spokeswoman what else the app did behind the scenes and how long it had been on the site, and she said "We don't have anything specific to share beyond" the previous statement.