Facebook Security Phishing Attack In The Wild

By David Jacoby

At the time of writing there is a new Facebook phishing attack going on. It will not just try to steal your Facebook credentials; it will also try to steal credit card information and other important information such as security questions.

This Facebook phishing attack is pretty interesting because it does not just try to trick the victim into visiting a phishing website. It reuses the stolen information to log in to the compromised account and change both the profile picture and the name. The profile picture is changed to the Facebook logo and the name is changed to “Facebook Security”, but with special ASCII characters replacing letters such as “a”, “k”, “S” and “t”.

Once an account is compromised it will also send out a message to all contacts of the compromised account. The message looks like this:

“Last Warning: Your Facebook account will be turned off Because someone has reported you. Please do re-confirm your account security by: => http://apps-xxxx-xxxxx-user.de.vu Thank you. The Facebook Team”

When clicking on the link you are redirected to a website which looks very similar to Facebook and asks for personal information such as name, email, password, webmail system, password to the email account, etc. When the form is submitted the details are sent to the attacker, who can then automatically log in to your Facebook account and compromise it.
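The two signals described above, a sender whose display name imitates “Facebook Security” with lookalike characters and a message carrying urgency wording plus a link to a non-Facebook host, are exactly what a defender can check for automatically. The following Python is an added example, not code from the article or from Kaspersky: it folds a small, illustrative set of Unicode lookalikes back to Latin letters (the confusables map, urgency phrase list and score weights are assumptions for this example, not a complete table), compares the folded name against the brand string, extracts links whose host is not under facebook.com, and returns a verdict. The sample message is constructed from the text quoted above; the spoofed sender name uses constructed Cyrillic and fullwidth lookalikes.

```python
import re
import unicodedata
from urllib.parse import urlparse

# Brand string the scam imitates (from the article).
BRAND_NAME = "Facebook Security"

# Illustrative subset of cross-script lookalikes (assumption: not the full
# Unicode confusables table). NFKC handles compatibility forms such as
# fullwidth letters; these entries cover Cyrillic glyphs NFKC leaves alone.
CONFUSABLES = {
    "\u0430": "a",  # Cyrillic small a
    "\u0435": "e",  # Cyrillic small ie
    "\u043e": "o",  # Cyrillic small o
    "\u0441": "c",  # Cyrillic small es
    "\u043a": "k",  # Cyrillic small ka
    "\u0455": "s",  # Cyrillic small dze
    "\u0405": "S",  # Cyrillic capital dze
}

# Urgency wording taken from the quoted scam message (assumption: a short list).
URGENCY_PHRASES = ("last warning", "turned off", "reported you", "re-confirm")

URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def fold_display_name(name: str) -> str:
    """Normalise a display name so lookalike characters compare equal to Latin."""
    normalized = unicodedata.normalize("NFKC", name)          # e.g. fullwidth "ｔ" -> "t"
    folded = "".join(CONFUSABLES.get(ch, ch) for ch in normalized)
    return " ".join(folded.split()).casefold()               # collapse spaces, ignore case


def impersonates_brand(name: str, brand: str = BRAND_NAME) -> bool:
    """True when the name matches the brand only after folding (an exact copy is the brand itself)."""
    return name != brand and fold_display_name(name) == fold_display_name(brand)


def suspicious_links(text: str, legit_domains=("facebook.com",)) -> list:
    """Return URLs whose host is not the legitimate domain or a subdomain of it."""
    flagged = []
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if not any(host == d or host.endswith("." + d) for d in legit_domains):
            flagged.append(url)
    return flagged


def triage_message(sender_name: str, text: str) -> dict:
    """Score one message; weights are an assumption for this example."""
    lowered = text.casefold()
    phrases = [p for p in URGENCY_PHRASES if p in lowered]
    links = suspicious_links(text)
    spoofed = impersonates_brand(sender_name)
    score = (2 if spoofed else 0) + (1 if links else 0) + (1 if phrases else 0)
    verdict = "likely phishing" if score >= 3 else ("suspicious" if score >= 1 else "clean")
    return {
        "spoofed_sender": spoofed,
        "urgency_phrases": phrases,
        "offbrand_links": links,
        "score": score,
        "verdict": verdict,
    }


# Constructed sample: Cyrillic a, Cyrillic ka, Cyrillic capital dze, fullwidth t.
SPOOFED_SENDER = "F\u0430ceboo\u043a \u0405ecuri\uff54y"

# Constructed from the message quoted in the article (URL is the article's redacted one).
SAMPLE_MESSAGE = (
    "Last Warning: Your Facebook account will be turned off Because someone has "
    "reported you. Please do re-confirm your account security by: => "
    "http://apps-xxxx-xxxxx-user.de.vu Thank you. The Facebook Team"
)

if __name__ == "__main__":
    print(triage_message(SPOOFED_SENDER, SAMPLE_MESSAGE))
```

The folding step is the important part: a plain string comparison against “Facebook Security” would miss the spoofed name entirely, while comparing after NFKC plus a lookalike map catches it without also flagging the genuine brand string.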

After the victim has submitted the information, another web page appears stating that you need to confirm your identity with a payment, and asks for your card number.

The last page of the phishing scam tries to confirm your credit card information, including the CSC/CVV code.

These scams are only getting more popular, and we strongly recommend not giving out personal information, especially not email credentials, passwords and credit card details, over social media. It is also recommended that you contact your security vendor and the social media vendor if you encounter these sites.

David Jacoby is a Senior Security Researcher at Kaspersky Lab.


Discussion

  • Reegun on

    It's weird that people are processing their payment for free social networking....

    Attackers: "Thanks Facebook team"

  • Martin John Kershaw on

    Hello

    My facebook account has been "locked" because I requested a landline call with a security code. I had been given several photos of friends to identify, which I did correctly ~ then I requested a call ~ by entering my landline into a box ! The phone rang and an electronic female voice gave out a code ~ after the first 4 digits / letters, the voice became garbled ~ I couldn't understand the remaining digits ! I tried to enter what I thought they were ~ no success # the message told me that I had tried too many times within too short a period ~ so I waited 24 hours and the photos came up, which I identified correctly ! Then up came a notice which read "No authenticating methods are currently available. Please come back later." I have come back later for almost a week now ~ same thing happens ~ photos ~ then the same message ! I would really like to get back on my account ~ because I was writing a few short stories about my life as a session guitarist 1966 ~ 2006 in the London studios, where I played on more than 100,000 tracks ~ inc. 36 UK NO 1's and 125 Muppet Shows ! I had written 18 of these comical stories ~ now I'm in limbo ~ not knowing if they have been destroyed or what is going on !

    Martin Kershaw.
