Discovered by Kaspersky Lab expert David Jacoby, a complex Facebook phishing scheme first obtains access to a user’s Facebook account through standard phishing methods. Once the scam artist gains access to an account, they change the user’s picture to the Facebook logo or icon and alter the user’s name to “Facebook Security,” with specific ASCII characters substituted for a few select letters. Posing as an official Facebook account, the scam artist then opens a chat with every friend of that account and posts a message with a link that states: “Your Facebook account will be turned off because someone has reported you. Please do re-confirm your account security by: ‘Insert Link’ Thank you, The Facebook Team.”
The phishing link leads the user to a page outside of Facebook that’s been designed to appear similar to a typical Facebook entry form. The first page includes such fields as name, email, Facebook password, email password and security question. If a user enters all the information and clicks confirm, the next page asks the user for the first six digits of their credit card number to confirm identity. If a user continues and clicks confirm again, they will be prompted to update “Facebook” with current credit card information including name, billing address, full credit card number, expiration date and the security code that goes with the card.
Officials at Facebook are reported to be looking into this version of a phishing attack. Another recent attack pretends that Facebook has teamed up with Apple to give out free Apple products such as the iPad 2 or the iPhone 4S. The message claims to come from Mark Zuckerberg and asks Facebook users to provide personal information as well as financial information to cover a shipping and handling fee for the free prize.
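The renamed “Facebook Security” account described above can be caught by folding look-alike characters before comparing display names. The following is an added example, not code from Kaspersky or Facebook. The article does not list the substituted characters, so the `LOOKALIKES` map, the `PROTECTED` list and the function names are assumptions, and the check goes beyond the ASCII case to cover Unicode look-alikes as well.

```python
import unicodedata

# Assumed list of names only official accounts should carry.
PROTECTED = ("facebook security",)

# Constructed look-alike map: ASCII substitutions plus a few Cyrillic/Greek letters.
LOOKALIKES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
    "@": "a", "$": "s", "|": "l", "!": "i",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0441": "c",  # Cyrillic a e o c
    "\u0455": "s", "\u0456": "i", "\u0443": "y",                 # Cyrillic s i y
    "\u03bf": "o", "\u0131": "i",                                # Greek omicron, dotless i
})


def skeleton(display_name):
    """Reduce a display name to a comparable form with look-alikes folded."""
    # NFKD folds fullwidth/styled letters and splits accents from base letters.
    decomposed = unicodedata.normalize("NFKD", display_name)
    kept = "".join(
        ch for ch in decomposed
        # Drop combining accents and zero-width/format characters (category Cf).
        if not unicodedata.combining(ch) and unicodedata.category(ch) != "Cf"
    )
    folded = kept.casefold().translate(LOOKALIKES)
    return " ".join(folded.split())  # collapse runs of whitespace


def classify(display_name):
    """Return 'clean', 'reserved-name' or 'lookalike' for a display name."""
    skel = skeleton(display_name)
    if not any(name in skel for name in PROTECTED):
        return "clean"
    plain = " ".join(display_name.casefold().split())
    if any(name in plain for name in PROTECTED):
        return "reserved-name"  # protected name typed with ordinary letters
    return "lookalike"          # matches only after folding substitutions


if __name__ == "__main__":
    # Constructed sample names, not taken from the reported campaign.
    for sample in ["Jane Doe", "Facebook Security", "Faceb00k 5ecurity",
                   "Faceb\u043e\u043ek Security", "F\u0430cebook\u200b Security"]:
        print(f"{sample!r:40} -> {classify(sample)}")
```

Both `reserved-name` and `lookalike` results on an ordinary user account are worth routing to review, since the scheme also swaps the account's picture for the Facebook logo.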