A new Facebook scam in the wild aims to steal sensitive data

A new Facebook scam in the wild that aim to steal sensitive data proposing a “Facebook Recovery” Accounts that share malicious links.

It’s not new that Facebook it’s the perfect place to try to get precious information and financial gain since it aggregates many people, crossing all generations. The popular social network is very attractive for cyber criminals, and Facebook Scam are “on the agenda”.

This time we are talking about one of the most recent Facebook scam that was uncovered by researchers at Malwarebytes.org.

For what was observed this Facebook scam starts with a rogue account (can be a fake one or one that was stolen) sharing a shortened URL and the message is entitled “Facebook recovery” and should look like this:

Notification: Your Account will be Disabled!

Account FACEBOOK you have already been reported by others about the abuse of account, this is a violation of our

agreement and may result in your account is disabled. Please verify your email account to unblock and help us do more

for security and convenience for everyone.

Immediately do recover your Facebook account, by clicking on the link below:

hxxp://j[DOT]mp/1HloHXd?help-facebook-recovery

“Attention”

If you ignore this message, we can not recover your account and your account will be permanently disabled.

Sorry to interrupt your convenience.

The Facebook Team

When clicking on the shortened URL the user is sent to the page below:

This so called ” Center Recovery Account” it’s just a bait for the user to enter his credentials, since nowadays users worry a lot about losing credentials, and ” Once a user entered the credentials asked and click Log In, data is posted to recovery.php, and then users are redirected to this payment page, which asks for his/her full name, credit card details, and billing address” :

Keep in mind that never Facebook asks money for their users to do whatsoever, so it doesn’t make a lot of sense having a “Center Recovery Account” where they ask for some money.

The majority of victims for this Facebook Scam is located in Asian countries and in the United States:

I know that users are more careful than some years ago, but this kind of Facebook scams are still very popular. One of the reasons is the lack of awareness on cyber threats, so keep always an the eye open trying to identify suspicious situations like receiving “odd” messages, messages with broken English, and messages that ask for PII and financial information.

About the Author Elsio Pinto

Edited by Pierluigi Paganini

(Security Affairs –  Facebook Scam, cybercrime)