Scammers get bolder, request webmail and banking information

Jul 30, 2014 21:57 GMT

A phishing scam posing as a Facebook notification has been spotted in the wild, trying to steal login credentials not just for the user's account on the social networking site, but also for the user's email account.

The message contains a link that purports to lead to a Facebook page; Malwarebytes researcher Jovi Umawing discovered that the URL leads to a malicious page informing the potential victim that their Facebook account had been disabled.

In order to verify the account, the potential victim needs to provide the email address for logging into Facebook along with the password. However, the cybercriminals also request additional information consisting of the credentials for the email account, date of birth, security question and answer as well as the country of origin.

The scammers go even further than this: once the victim has provided the aforementioned details, which are not required for re-enabling an account, they are directed to a page asking for payment verification details, under the pretext of purchasing Facebook credits.

Malwarebytes reports that Google has already blacklisted the phishing website, but not all web browsers restrict access to it, so users may still fall victim to the scam.

In this case, a simple way to detect the malicious intent behind the notification is to access Facebook by manually typing the URL of the social networking site in the web browser's address bar. Chances are nothing will stop the login process.
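The set of details the fake verification form requests is itself a detection signal, since the article notes they are not required for re-enabling an account. The following is an added example, not code from Malwarebytes or the original article: a page audit that flags a form asking for more than one password, or a password together with the extra details listed above. The field names, regex patterns and sample HTML are constructed assumptions.

```python
import re
from html.parser import HTMLParser

# Assumed field-name patterns for the extra details the article lists.
EXTRA = {
    "webmail_password": re.compile(r"(e?mail|webmail).*pass", re.I),
    "date_of_birth": re.compile(r"dob|birth", re.I),
    "security_question": re.compile(r"secur.*(question|answer)", re.I),
    "country": re.compile(r"country", re.I),
    "payment_card": re.compile(r"card|cvv|cvc|expir", re.I),
}

class FormFields(HTMLParser):
    """Collect (name, type) for every input/select/textarea on the page."""
    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        if tag in ("input", "select", "textarea"):
            a = dict(attrs)
            name = a.get("name") or a.get("id") or ""
            self.fields.append((name, (a.get("type") or "text").lower()))

def audit_page(html):
    """Flag pages that ask for a second password or a password plus extras."""
    parser = FormFields()
    parser.feed(html)
    passwords = [n for n, t in parser.fields if t == "password"]
    extras = sorted({label for n, _ in parser.fields
                     for label, rx in EXTRA.items() if rx.search(n)})
    suspicious = len(passwords) > 1 or (bool(passwords) and bool(extras))
    return {"password_fields": len(passwords), "extras": extras,
            "suspicious": suspicious}

# Constructed sample: field set modelled on the "account disabled" page.
SAMPLE_VERIFY = """<form method="post">
  <input type="text" name="fb_email"> <input type="password" name="fb_pass">
  <input type="password" name="email_pass"> <input type="text" name="dob">
  <input type="text" name="security_question">
  <input type="text" name="security_answer">
  <select name="country"></select></form>"""
# Constructed sample: an ordinary login form with one password field.
SAMPLE_LOGIN = """<form><input type="text" name="email">
  <input type="password" name="pass"></form>"""

if __name__ == "__main__":
    for label, page in (("verify", SAMPLE_VERIFY), ("login", SAMPLE_LOGIN)):
        print(label, audit_page(page))
```

This is a heuristic: a hit is a reason to inspect the page and its URL, not proof of phishing.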

[Image: Fake notification asking for Facebook credentials]
[Image: Phishing page for credit card details]