A new Facebook scam in the wild aims to steal sensitive data

Pierluigi Paganini June 04, 2015

A new Facebook scam in the wild that aim to steal sensitive data proposing a “Facebook Recovery” Accounts that share malicious links.

It’s not new that Facebook it’s the perfect place to try to get precious information and financial gain since it aggregates many people, crossing all generations. The popular social network is very attractive for cyber criminals, and Facebook Scam are “on the agenda”.

This time we are talking about one of the most recent Facebook scam that was uncovered by researchers at Malwarebytes.org.

For what was observed this Facebook scam starts with a rogue account (can be a fake one or one that was stolen) sharing a shortened URL and the message is entitled “Facebook recovery” and should look like this:

Notification: Your Account will be Disabled!

Account FACEBOOK you have already been reported by others about the abuse of account, this is a violation of our

agreement and may result in your account is disabled. Please verify your email account to unblock and help us do more

for security and convenience for everyone.

Immediately do recover your Facebook account, by clicking on the link below:

hxxp://j[DOT]mp/1HloHXd?help-facebook-recovery

“Attention”

If you ignore this message, we can not recover your account and your account will be permanently disabled.

Sorry to interrupt your convenience.

The Facebook Team

facebook scam 3

When clicking on the shortened URL the user is sent to the page below:

facebook scam 4

This so called ” Center Recovery Account” it’s just a bait for the user to enter his credentials, since nowadays users worry a lot about losing credentials, and ” Once a user entered the credentials asked and click Log In, data is posted to recovery.php, and then users are redirected to this payment page, which asks for his/her full name, credit card details, and billing address” :

facebook scam 5

Keep in mind that never Facebook asks money for their users to do whatsoever, so it doesn’t make a lot of sense having a “Center Recovery Account” where they ask for some money.

The majority of victims for this Facebook Scam is located in Asian countries and in the United States:

facebook scam 6

I know that users are more careful than some years ago, but this kind of Facebook scams are still very popular. One of the reasons is the lack of awareness on cyber threats, so keep always an the eye open trying to identify suspicious situations like receiving “odd” messages, messages with broken English, and messages that ask for PII and financial information.

About the Author Elsio Pinto

Elsio Pinto (@high54security) is at the moment the Lead Mcafee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog Mcafee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog http://high54security.blogspot.com/

 

Edited by Pierluigi Paganini

(Security Affairs –  Facebook Scam, cybercrime)



you might also like

leave a comment