Cybercriminals have come up with a clever way to get Turkish users to hand over their Facebook account credentials. They’re abusing the name of the Turkish Police Force to make their scam more genuine-looking.
According to Symantec, the phishing site – located on a free hosting service – purports to be owned by Turkey’s General Directorate of Security.
It informs victims that the Turkish Police has developed the site to combat the theft of Facebook information.
Users are instructed to enter correct information, as per the Turkish criminal code, to allow the police to protect their Facebook accounts.
Once the victims enter their usernames and passwords, they’re redirected to the legitimate Facebook domain.
The name and address of the main branch of the Turkish Police Force in Ankara are displayed on the phishing page to make it more realistic.
It goes without saying that users should avoid entering their information on such pages. Law enforcement agencies try to help users by raising awareness, not by asking them to hand over their passwords.