According to a report from Kaspersky Lab, a new phishing attack on Facebook has been discovered that primarily attempts to steal Facebook users' account credentials and take over their accounts. The attackers then attempt to gather financial information, including credit card data and other sensitive details, from the victim.
According to Kaspersky Lab's David Jacoby, the attackers are not just tricking users into visiting a phishing site, but are trying to scare them by sending warning messages from a fake "Facebook Security" account. Compromised accounts are used to steal whatever personal information is available, and their profile picture and name are then changed so that the same trick can be tried on other Facebook users.
The profile picture is changed to the Facebook logo and the name to "Facebook Security", with special ASCII characters replacing letters such as "a", "k", "S" and "t". Here is a screenshot of the message sent from such a fake account:
The message, "Last Warning: Your Facebook account will be turned off Because someone has reported you. Please do re-confirm your account security by: [LINK] Thank you. The Facebook Team," is sent to users as a warning via Facebook Messages and Facebook Chat.
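Impersonation of this kind works because an exact-match check on the display name ("Facebook Security") never fires once a few letters have been swapped for look-alike characters. The following is an added example, not code from the article or from Kaspersky Lab, of the kind of check a platform or a mail/chat filter can run: it reduces a display name to the Latin letters it visually resembles and compares that skeleton against a list of reserved names. The substitution table and the reserved-name list are constructed for the example; the report does not say which characters the attackers used.

```python
import unicodedata
from typing import Dict

# Constructed table for this example (not from the Kaspersky report): characters an
# impersonator might substitute, mapped to the Latin letter they imitate. ASCII
# look-alikes come first, then Cyrillic letters that render identically to Latin ones.
CONFUSABLES: Dict[str, str] = {
    "@": "a", "4": "a", "\u0430": "a",  # '@', '4', Cyrillic small a
    "$": "s", "5": "s", "\u0455": "s",  # '$', '5', Cyrillic small dze
    "+": "t", "7": "t",                 # '+', '7'
    "|": "l", "1": "l", "\u0456": "i",  # '|', '1', Cyrillic small i
    "0": "o", "\u043e": "o",            # '0', Cyrillic small o
    "3": "e", "\u0435": "e",            # '3', Cyrillic small ie
    "\u0441": "c", "\u043a": "k",       # Cyrillic small es, Cyrillic small ka
    "\u0443": "y",                      # Cyrillic small u
}

# Assumed list of names that only the platform itself should be able to present.
RESERVED: Dict[str, str] = {
    "facebooksecurity": "Facebook Security",
    "thefacebookteam": "The Facebook Team",
    "facebookteam": "Facebook Team",
}


def skeleton(name: str) -> str:
    """Reduce a display name to the ASCII letters it *looks like*.

    NFKC folds fullwidth and ligature forms, casefold lowercases across scripts,
    the CONFUSABLES table maps look-alikes, and anything that is still not an
    ASCII letter (spaces, punctuation, unmapped symbols) is dropped.
    """
    text = unicodedata.normalize("NFKC", name).casefold()
    letters = []
    for ch in text:
        ch = CONFUSABLES.get(ch, ch)
        if ch.isascii() and ch.isalpha():
            letters.append(ch)
    return "".join(letters)


def classify_display_name(name: str) -> str:
    """Return 'ok', 'reserved' (the exact reserved name) or 'impersonation' (a look-alike)."""
    genuine = RESERVED.get(skeleton(name))
    if genuine is None:
        return "ok"
    if name.strip() == genuine:
        return "reserved"
    return "impersonation"


if __name__ == "__main__":
    # Constructed sample sender names; none are taken from the report.
    samples = [
        "Dave Jacoby",
        "Facebook Security",
        "F@ceb00k $ecuri+y",                 # ASCII substitutions
        "F\u0430cebook \u0405ecurity",       # Cyrillic a and capital dze
        "\uff26\uff41\uff43\uff45\uff42\uff4f\uff4f\uff4b Security",  # fullwidth letters
    ]
    for sample in samples:
        print(f"{sample!r:34} skeleton={skeleton(sample)!r:20} -> {classify_display_name(sample)}")
```

The skeleton approach deliberately over-matches: any name that collapses to a reserved skeleton is flagged, and the exact genuine spelling is reported separately so a platform can decide whether an ordinary account may carry it at all. A production filter would use a fuller confusables table (Unicode publishes one) rather than the short constructed list here.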
The link used in the message leads users to a phishing site. When we tried opening the page using Google Chrome, the following warning message was displayed – “Phishing sites trick users into disclosing personal or financial information, often by pretending to represent trusted institutions, such as banks.”
The site, however, is designed to look like a Facebook page and prompts the victim to enter their name, email address, password, security question, email account password, country, and date of birth. After providing all this information, the victim is redirected to another page headed "Payment Verification" that asks for the first six digits of the victim's credit card. On the following pages, the user is then asked to enter the full credit card number along with the expiry date, CVV (security code), and billing address.
If you're an active Facebook user, the most important thing to know is that Facebook never asks its users to enter their password(s) or credit card details. Check the URL of the site you're visiting and make sure it is genuine. Most sites that require users to enter financial information use a secured HTTPS connection, which is standard for payment transactions on the World Wide Web and for sensitive transactions in corporate information systems; the phishing site in this case did not.
If you've received such a warning message on Facebook, ignore it. Alternatively, you can contact the Facebook Security team here and check whether they sent the message. We reported a similar Facebook Security Network Phishing Attack back in August 2011.
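"Check the URL and make sure it is genuine" hides several traps that phishing links exploit: a host that merely contains the word facebook, a real host tucked after an `@`, and look-alike letters in an internationalised domain. The following is an added example, not code from the article, that applies the article's two tests (HTTPS, and a host that really is facebook.com) to a link taken from such a message; the list of genuine hosts is an assumption made for the example.

```python
from typing import Tuple
from urllib.parse import urlsplit

# Assumed for this example: the host a genuine Facebook page lives on, plus its subdomains.
GENUINE_HOSTS = {"facebook.com"}
GENUINE_SUFFIX = ".facebook.com"


def check_link(url: str) -> Tuple[bool, str]:
    """Return (genuine, reason) for a link found in a 'security warning' message."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme != "https":
        return False, f"not HTTPS (scheme is {scheme or 'missing'})"
    # 'https://www.facebook.com@evil.example/' puts the real host after the '@';
    # everything before it is userinfo, which a genuine link never carries.
    if parts.username is not None:
        return False, f"userinfo before '@'; the real host is {parts.hostname}"
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    if not host:
        return False, "no host in URL"
    # Non-ASCII or punycode (xn--) labels can hide look-alike letters.
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        return False, f"internationalised host {host!r} may contain look-alike letters"
    # Exact match or a real subdomain. The suffix keeps its leading dot so that both
    # 'notfacebook.com' and 'facebook.com.example' are rejected.
    if host in GENUINE_HOSTS or host.endswith(GENUINE_SUFFIX):
        return True, f"host {host} is facebook.com or a subdomain of it"
    return False, f"host {host} is not facebook.com"


if __name__ == "__main__":
    # Constructed sample links; none are taken from the report.
    for link in [
        "https://www.facebook.com/settings",
        "http://www.facebook.com/login",
        "https://facebook.com.account-verify.example/login",
        "https://www.facebook.com@203.0.113.5/login",
        "https://notfacebook.com/",
        "https://f\u0430cebook.com/",  # Cyrillic a in the host
    ]:
        genuine, reason = check_link(link)
        print(f"{'OK ' if genuine else 'BAD'} {link:50} {reason}")
```

The HTTPS test is the weaker of the two: it was a useful signal when this scam ran, but certificates are now free and routinely used on phishing pages, so a padlock proves only that the connection is encrypted, not that the site is Facebook. The host check is what actually distinguishes the genuine site.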
“These scams are just getting more popular and we really recommend not giving out personal information, especially not email, password and credit card information over social medias,” Jacoby wrote. “It is also recommend[ed] that you contact your security vendor and the social media vendor if you encounter these sites.”