A new spam attack hit Facebook that threatens to delete users’ account unless they submit valid account details within 24 hours, says Security firm Sophos Naked Security in its blog post. The scams are, in fact, designed to steal credit card numbers and social media accounts, likely in order to further spread scams and bilk victims.
The phishing messages are charging Facebook users with violating policy regulations by annoying or insulting other Facebook users. The messages are then requesting personal and financial information including Facebook login details and part of recipients’ credit card numbers.
The emails are entirely bogus. They are not coming from Facebook. Social media venues would not request financial information, nor would they request login details.
The scammers can use the ill-gotten information to hijack a user’s Facebook account. Then, posing as the account holder, the criminals can send out more scam messages and spam to a victim’s Facebook friends, bolstered by the trust users place in their friends.
[advt]Once a criminal has gained access to a victim’s account, they will likely lock out the original account holder by changing account passwords and email addresses. With the credit card information, fraudsters can conduct identity theft and other malicious financial activity.
A typical phishing scam reads like this, according to Hoax-Slayer:
LAST WARNING : Your account is reported to have violated the policies that are considered annoying or insulting Facebook users. Until we system will disable your account within 24 hours if you do not do the reconfirmation.
Please confirm your account below:
[Link Removed]
Thanks.
The Facebook Team
Copyright facebook © 2011 Inc. All rights reserved.
Recipients who click the link will be presented with a fake Facebook “Account Disabled” web form. The form asks for Facebook login details including email, password, Facebook security question, Facebook security answer, the first six digits on the user’s credit card number, and their country of residence.
After completing this first form, the victims are taken to a second form labelled “Confirm to your webmail” that requests webmail program and password.
If that’s not enough, handing over this information will lead victims to yet a third bogus form, labeled “Terms of Service.” This form again asks for user name and the first six digits of the user’s credit card and sternly warns victims that their accounts more or less will be lined up in front of a firing squad and shot at dawn unless they comply.
If you ignore this warning, then our security system will block your account automatically.
Stay safe, and don’t click on links from the likes of these scammers.
Be the first to comment