Spam

BEWARE OF A NEW dangerous Facebook phishing scam!

January 1st, 2013

A very convincing scam that spoofs Facebook verification pages is being used to steal users’ personal details and credit-card information before taking user to the real Facebook, leaving many victims none the wiser that they’ve just given their sensitive details to criminals.

The scam, outlined by Australian software architect Troy Hunt on his blog, starts out as a link to a viral video or other Internet meme, perhaps in a friend’s tweet. It’s a shortened link that obscures its real destination, but users will be relieved to land on what looks like the standard Facebook login page.

After the visitor logs into his Facebook account, the phony site asks victims to update their Facebook account security and provide additional information — a security question, a mobile-phone number and full credit-card details, right down to the expiration data and card security code. There’s even an “overall protection” graph that mimics password-entry forms.

Unless they pay close attention to the address bar, the nearly perfect spoof page is likely to make users feel perfectly safe. Although the page looks exactly like Facebook, it’s actually faceboourk.com.

Once users have given “Faceboourk” their Facebook login credentials, phone numbers and credit cards, the site’s work is done. It takes them to the real Facebook login page, stealing their personally identifiable information and dumping them at Facebook’s front door in one seamless motion.

Scams like this aren’t new or uncommon, but this one’s level of sophistication and lack of spelling mistakes makes it especially noteworthy.

Hunt tried to look up the Internet registration information for the phony site, but was only able to glean that information entered into the faux Facebook pages was redirected to a “parked” (unused but registered) porn URL, and from there sent elsewhere.

Hunt said he thinks the scam may have abated for now. Still, Internet users should always treat links with skepticism and pay close attention to the URL, especially when entering sensitive information.

Scammers’ likely use the information gleaned from such phishing scams to sell on the black market or commit identity theft and financial fraud.

Their unscrupulous activities can lead to days, weeks and even months of financial headaches as victims attempt to sort out the financial havoc that’s been wreaked on their lives.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta