Cleverly designed Facebook phishing scam steals credit card details

Posted by Geraldine Hunt on Tue, Jun 26th, 2012

You may already have heard of the latest Facebook phishing scam; it’s been active for the past few weeks. You have to marvel at the increased sophistication of these scams. Clever, maybe, but definitely scary. This latest Facebook chat phishing scam is designed to steal not only your Facebook credentials but also your email login details and your credit card details.

What is Phishing?

Phishing, a form of Internet fraud, aims to steal valuable information such as credit cards, bank details, user IDs and passwords. It uses spam, malicious Web sites, email messages and instant messages to trick people into divulging sensitive information.

The latest Facebook chat phishing scam

The latest scam, as reported in the Kaspersky blog last week, involves the Facebook chat function. Once a Facebook account is successfully compromised, the scammer changes the name of that account to ‘Facebook security’. A chat message is then sent to the contact list of that account, warning that the user’s account will be shut down unless they reconfirm the account details.

Guess what happens next?

This is a Facebook security message after all! The chat message contains a link that redirects to a site which looks just like Facebook. The unsuspecting victim is then asked to supply account details, including their Facebook login details. It’s that simple: the scammer now has access to the Facebook account details and to all of your Facebook contacts, which allows them to move on to the next part of the scam.

This particular attack also asks for email passwords, leaving the scammer in a powerful position to easily compromise several other accounts. As if that wasn’t enough, Kaspersky report that this phishing attack goes one step further and asks for a payment, giving the attacker access to credit card details including the CSC/CVV code.

Sometimes it’s best to take a step back, take a few deep breaths and think – why would a social network that is free be asking you for your credit card details to confirm your account? When do you ever need to give your CVV number except when you’re ordering something online?

We are programmed to respond to security messages - would you be fooled by this Facebook scam?

This is certainly an intricate scam, yet simple in that it relies on the victim believing the initial fake Facebook security message. I guess you could say the approach is clever, but as these attacks are malicious in nature perhaps the best word is evolved trickery. A word of advice: your Facebook account will not be shut down. Facebook or any reputable organisation will not ask you for your credit card details as a way to prove your identity.

Phishing attacks take advantage of both technical and social vulnerabilities.

There are a large number of different kinds of attacks. The internet provides benefits and opportunities to everyone, including criminals. Ongoing financial attacks are now a reality, to the point that they’re considered the norm. The fact that some businesses don’t take the necessary measures to protect themselves against what can only be described as increasingly ingenious scams is worrying. So is the fact that businesses can lose substantial sums of money due to both fraud and network damage / clean-up.

As Sherlock Holmes might say, it’s elementary.

With a successful phishing and malware attack, everything is at risk. A company network can suffer a malware infection as a result of an employee clicking on a bogus link in a post on Facebook or another social networking site. A successful malware attack can have serious and long-term consequences, such as unauthorized network access, exposure of the company’s information systems and the exploitation of this highly classified business information by criminals.

An unsecured network is a broken link and enables criminals to take advantage of your internal resources. It’s increasingly important to communicate to employees that they should ignore messages like these if they reach their inbox or news feed. As well as using basic common sense on the Internet, ensure your organisation is running powerful web filtering software and email security software – these could save the day if an employee ever gets fooled by a phishing scam.
