Phishers come up with new techniques to trick users into visiting their sites

Mar 26, 2013 01:01 GMT  ·  By

Experts warn Facebook users to be on the lookout for suspicious app invitations. Cybercriminals have started using Facebook applications to lure users to their phishing websites.

According to Avast researchers, the Facebook apps don’t have any content. They’re simply designed to redirect users to a malicious domain set up to host a phishing webpage.

To avoid raising too much suspicion, the phishing pages are hosted on domains such as facebook.com.profile.accounts .login.userid12321312. 2cm1.com.

At first glance, the phishing site is very much like the legitimate Facebook login page. However, a closer look reveals that none of the links work.

After victims enter their usernames and passwords, they’re redirected to YouTube. In the meantime, their credentials are stored in a text file that cybercriminals can access to retrieve the information.

In order to avoid falling victim to such scams, make sure you’re on the genuine Facebook domain before entering your credentials.

If, after logging in, you are directed to a different website, or you’re presented with the login page once again, you might be the victim of a phishing scam. In this case, change your account's password immediately.