This, in turn, makes this type of scam profitable for its creators. "Running a credit card affiliate scam is going to get you anywhere from $5 to $20 for each person you get to sign up for a credit card," according to Peck.

Combining social media savvy with old-school phishing, rogue Facebook apps attempt to trick users into revealing personal data. One of the most common, according to Peck, is an attack that warns users that their Facebook account will be shut down unless they "verify" their information using the app. A version of this appears roughly once a month, he said, and it snags hundreds of thousands of victims each time.

Rogue apps, Peck said, often have permissions settings that "go a little too far." An app that asks for permission to "manage my pages" should be regarded with suspicion, he noted.

"If [malware pushers] happen to con someone into installing this app that manages a large and popular page, that's a malware free-for-all," he told the crowd.