Russian scam website charges $100 for Facebook-account hacking services

Sep 19, 2009 10:53 GMT  ·  By

Panda Labs' Technical Director, Luis Corrons, has discovered a Russian-owned website that offers to hack any Facebook account for $100. The website is registered to a Moscow address, being offered with English content to appeal to a broader audience.

At a first look, the website seems to be a legitimate service, but, on a closer inspection, some clues can be found for the service's real purpose: to take money from people that will not be able to submit a formal complaint at a police station. Due to the person's illegal purposes in using the service, no one could complain about losing their money without also accusing themselves.

The website requires registration and authentication before letting a user employ its service. After loging in on the website, they are asked to enter a Facebook id, which is cracked to display the victim's username and real name, just to have a grip on the user's trust. For finding out the victim's password, the user has to push a “Start Facebook hacking!” button. After politely asking them to wait for a couple of minutes, the service proudly answers that it was able to hack the account, but hides the resulted details to enforce the user to pay first.

To fool the user into thinking it was a legit service, all payments are to be processed through Western Union. The scammers had even the courage to place a bright, red message above the fields where financial information was to be inputted. The message read, “Don't try to input false data. We track all payments via WU website.”

The scammer's Audacity went even further, through the presence of a FAQ page and an affiliate program section for “dedicated” users. All in all, the website managed to take advantage of today's most popular topic, the social network battle between Twitter and Facebook, and supplied a service that exploited one’s natural curiosity.

Mr. Corrons has taken some screenshots of the website, which can be found at this link.