The new variant of the malware uses web inject techniques to dupe users

Apr 3, 2012 11:37 GMT

It’s clear that the piece of malware known as Ice IX is very effective at helping cyber fraudsters collect banking details. The latest configuration uses web injection to make it appear as if the information is being handed over to Facebook rather than to a cybercrook.

Experts from Trusteer identified the new configuration and found that the malware’s developers even made an advertisement video to promote their malicious product.

The attack begins on the Facebook login page. Once the unsuspecting user signs in to his/her account, the web injection comes into play and triggers a pop-up window notifying the user that he/she needs to provide some verification data in order to continue using the Facebook account.

The so-called verification form requests the cardholder name, credit or debit card number, expiry date, CVV, physical address, social security number and date of birth.

After the sensitive data is submitted, everything is sent to a messaging application controlled by the fraudster, allowing him to easily gain access to the victim’s account and, by extension, the victim’s funds.
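As an added illustration (not code from the article or from Trusteer), here is a heuristic that a browser extension or page-integrity monitor could apply: it parses the rendered markup and flags when a host that never collects payment data, such as Facebook, is asking for the card and identity fields listed above. Because a web inject alters the page after it loads, the address bar still shows the genuine site, so the check has to look at the DOM content; the host list, regexes and sample markup are my own assumptions, constructed for this example.

```python
import re
from html.parser import HTMLParser
# Field types the injected pop-up asked for; the regexes are my assumptions.
SENSITIVE_PATTERNS = {
    "card_number": re.compile(r"card.?(number|num|no)\b|\bpan\b|\bcc.?num", re.I),
    "cvv": re.compile(r"\bcv[vc]2?\b|security.?code", re.I),
    "expiry": re.compile(r"\bexp(iry|iration)?(_?date)?\b|\bmm\s*/\s*yy\b", re.I),
    "ssn": re.compile(r"\bssn\b|social.?security", re.I),
    "dob": re.compile(r"\bdob\b|date.?of.?birth|birth.?date", re.I),
}
# Hosts assumed never to collect payment or identity data in a post-login pop-up.
NO_PAYMENT_DATA_HOSTS = {"www.facebook.com", "m.facebook.com"}

class FieldCollector(HTMLParser):
    """Gather name/id/placeholder of every <input> and the text of every <label>."""
    def __init__(self):
        super().__init__()
        self.hints, self._in_label = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "input":
            keep = ("name", "id", "placeholder", "autocomplete")
            self.hints.append(" ".join(v for k, v in attrs if k in keep and v))
        elif tag == "label":
            self._in_label = True
    def handle_endtag(self, tag):
        if tag == "label":
            self._in_label = False
    def handle_data(self, data):
        if self._in_label and data.strip():
            self.hints.append(data.strip())

def classify_fields(html):
    """Return the set of sensitive field kinds the markup asks for."""
    p = FieldCollector()
    p.feed(html)
    return {k for h in p.hints for k, pat in SENSITIVE_PATTERNS.items() if pat.search(h)}

def suspicious_inject(host, html, threshold=2):
    """Flag a host that never asks for such data yet renders >= threshold kinds of it.
    Runs on the DOM, not the URL: a web inject leaves the address bar showing the real site."""
    kinds = classify_fields(html)
    return host in NO_PAYMENT_DATA_HOSTS and len(kinds) >= threshold, kinds

# Constructed samples: the injected "verification" pop-up and a genuine login form.
INJECTED_POPUP = """<div class="verify"><form action="https://www.facebook.com/verify">
<label for="cn">Cardholder name</label><input id="cn" name="holder">
<label>Credit or debit card number</label><input name="card_number">
<label>Expiry date</label><input name="exp_date" placeholder="MM/YY">
<label>CVV</label><input name="cvv"><label>Social security number</label><input name="ssn">
<label>Date of birth</label><input name="dob"></form></div>"""
LEGIT_LOGIN = """<form action="/login"><label>Email or phone</label><input name="email">
<label>Password</label><input name="pass" type="password"></form>"""
```

`suspicious_inject("www.facebook.com", INJECTED_POPUP)` flags the pop-up with all five field kinds, while the genuine login form and the same pop-up on a merchant host both pass.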

“This attack highlights how fraudsters are branching out from their ‘bread and butter’ online banking schemes into lateral applications with much larger user populations. By attacking Facebook and other ubiquitous social networks fraudsters can tap a massive pool of victims,” Trusteer’s Amit Klein wrote.

“They can also use the information harvested from social network users to perpetuate fraud on multiple fronts including online banking, retail, and even to penetrate enterprise and government networks.”

To protect yourself against such operations, there are some simple things to remember. First of all, Facebook never requests credit card information, social security numbers or other sensitive data.

Always check to see if you are on the legitimate page by verifying the site’s name in the browser’s address bar.

Finally, make sure your computer runs an up-to-date antivirus solution and be sure to report any suspicious content to Facebook.

Note: My Twitter account has been erroneously suspended. While this is sorted out, you can contact me via my author profile or follow me at @EduardKovacs1