Computerworld Philippines :: Industry Bulletin :: New Facebook phishing attack “In the wild” warns Kaspersky Lab

Peer Perspective. IT Leadership. Business Results

New Facebook phishing attack “In the wild” warns Kaspersky Lab

By Computerworld Philippines Staff
February 8, 2012

Kaspersky Lab, a leading developer of secure content and threat management solutions is warning Facebook users of a new form of phishing which, tries to steal not just their Facebook credentials but also their credit cards information.
“This Facebook phishing attack is pretty interesting because it does not just try to trick the victim into visiting a phishing website,” says Kaspersky Lab security expert David Jacoby.
“It will reuse the stolen information and login to the compromised account and change both profile picture and name. The profile picture will be changed to the Facebook logo and the name will be translated to “Facebook Security” but containing special ASCII characters replacing letters such as “a” “k” “S” and “t”,” Jacoby explained.

Once an account is compromised it will also send out a message to all contacts of the compromised account. The message looks like this:

“Last Warning: Your Facebook account will be turned off Because someone has reported you. Please do re-confirm your account security by: => http://apps-xxxx-xxxxx-user.de.vu
Thank you. The Facebook Team”/

When a victim clicks on the link, he will be redirected to a website that looks and feels like Facebook’s own website. The fake Facebook site then asks the victim to provide personal information such as name, email address, password, webmail system, among others.

When submitting this form, the details will be sent to the attacker who can automatically login to your Facebook account and compromise it.

After filling up these details, the victim will be asked for final identity confirmation with a payment and by having the person give his or her credit card information.

Jacoby advises Facebook users to be aware of such threats to avoid becoming victims.

“These scams are just getting more popular and we really recommend not giving out personal information, especially not email, password and credit card information over social media. It is also recommended that you contact your security vendor and the social media vendor if you encounter these sites,” he said.

Possibly Related Posts: