Fans of the immensely popular FC Barca football club may have been duped into giving away their Facebook log-on credentials, according to a post on Symantec’s Security Response blog.
Symantec researchers discovered a phishing site that was catering to fans of the team. The site, Facebook F.C.B., is now offline but was modeled to look like a Facebook log-in page, complete with forms that unsuspecting users could have used to enter their Facebook e-mail and password.
Certain elements of the page resembled a legitimate Facebook page, including the log-in forms, links to other pages on Facebook and even a symbol that made it seem as if the site had been copyrighted by Facebook in 2012.
The page featured a photo of F.C. Barca’s Javier Mascherano, the team’s defensive midfielder, and a bogus header calling out the site’s name: “facebook F.C.B.”
After logging on, users were apparently taken to the official F.C. Barca Facebook site, to make it seem as if the page was genuine, but not before the site had swiped their Facebook log-in information.
Access to an individual’s Facebook account has become a valuable phishing target for attackers over the last few years, and can provide a tool for phishing attacks against other Facebook users.
David Jacoby, a senior security researcher at Kaspersky Lab, detailed an attack on Facebook earlier this year that tried to steal not only users’ log-on credentials but their credit card information as well.
As we’ve seen before, fake Facebook profiles can act as convincing bait in social engineering scams.
This week, NATO acknowledged that a fake Facebook profile for Senior Commander James Stavridis, a U.S. Navy admiral, was used to trick senior officers in both the U.S. and British military into becoming friends.
For more on the FC Barca scam, head to the Security Response blog.