Cybercriminals often rely on compromised Twitter accounts to send out malicious links via direct messages. According to experts from GFI Labs, the same method is now being utilized on Facebook.
Phishers are sending out private messages that tell recipients: “Your account is reported to have violated the policies that are considered annoying or insulting Facebook users.system will disable your account within 24 hours if you do not do the reconfirmation. Please confirm your Facebook account below.”
The link from the post leads to a fake Facebook website which asks victims to provide all sorts of information, including name, email address, password, country, gender and date of birth.
However, the cybercrooks are not content with this information alone. They also ask users to enter their email provider’s name and the password associated with the account.
This is allegedly needed to reactivate the Facebook account. In the final part of the scheme, victims are requested to hand over payment card details, such as card number, type, expiration date, security code, and billing address.
It goes without saying that you should avoid such sites. Also, never hand out such information on the Internet, unless you’re certain that the site is trusted.