Facebook members are advised to be on the lookout for a malicious operation designed to take over their accounts by asking users to confirm their identity and provide sensitive information.
"Last Warning: Your Facebook account will be turned off Because someone has reported you. Please do re-confirm your account security by: [LINK] Thank you. The Facebook Team," reads the phony message.
Kaspersky Lab experts came across this attack and analyzed it to find out how it works.
Once the victim clicks on the link from the notification, he is taken to a webpage that resembles a legitimate Facebook page and contains a form. The user has to provide details such as name, email address, password, secret question, answer to secret question, webmail, email password, and birth date.
The next step is a payment verification page that asks for the first six digits of the credit card number, allegedly needed for purchasing Facebook Credits.
Finally, another payment verification form requests detailed credit card information, including CVV code, expiration date, card type and card number.
After the crooks obtain the valuable information, they take over the victim’s account, replacing its name and profile picture so that it displays the Facebook logo and looks like an official account.
Using the compromised account, the attackers send the fake warning message to all of the user’s contacts in an attempt to lure them into the scheme.
Users are advised never to hand out sensitive information on social media websites, even if the whole thing seems legitimate.
Facebook will rarely request credit card details, and if it does, it’s because you may have initiated a transaction. If you encounter such scams, ignore them completely, since social networks don’t make threats and then ask you for money or other private data.