Hackers introduce new catch for entrapping Facebook users

Posted on January 17, 2012 by iGennie Technical Services

Facebook has become the apple of the hacker’s eyes. They imply all their tricks and plots over Facebook to squeeze out personal information of the victim and stuff their kitty. A Facebook phishing scam has newly evolved as the strong weapon for the hackers to get their evil intentions fulfilled. This scam is designed in a way that not only robs away the Victim’s login details but also edits their profile name and pictures to Facebook Security and intrudes through the friends list of the victim on the social network and further cause damage to them.

Computer security organization Kaspersky labs have revealed that the new Facebook scam is also equipped to wring out highly confidential information like the security questions and secret credentials of the victim’s credit card.

It works in several steps such as:

• Once they victimize an account holder, his profile displays “Facebook Security,” and sends a common message to all his contacts.
• The message gives an impression of being a security alert saying “Last Warning” and further asks to “re-confirm your account security”. It also displays a malicious link.
• Once the victim clicks on the link it will take the recipient to a website appearing similar to Facebook.
• Further this website will ask the recipient to provide the personal information for instance: Name, Password, Email, Password to email, and Webmail system.
• According to Kaspersky lab, no sooner the information are provided than the attacker grabs it and immediately utilizes it to login to the victim’s Facebook account and compromise it as per his will.
• The process doesn’t end there. After the information is supplied, the victim is redirected to yet another webpage. This page claims that the victim then has to prove his identity with a payment for which the credit card number and details are asked for.
• Now comes, the ending page of the phishing scam which tries to verify the authenticity of the credit card information along with CSC/CVV code.

A blog post on this phishing scam declares, “This Facebook phishing attack is pretty interesting because it does not just try to trick the victim into visiting a phishing website. It will reuse the stolen information and login to the compromised account and change both profile picture and name. The profile picture will be changed to the Facebook logo and the name will be translated to ‘Facebook Security’ but containing special ascii characters replacing letters such as ‘a’ ‘k’ ‘S’ and ‘t,”.