We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
Hackers impersonate Facebook security in chat phishing scam

Hackers impersonate Facebook security in chat phishing scam

Phishers modify hijacked Facebook accounts to impersonate the website's security team

Article comments

Hackers are impersonating the Facebook security team using hijacked accounts in a new phishing attack spreading through the social network.

The attackers replace the profile picture of compromised accounts with the Facebook logo and change their names to a variation of "Facebook Security" written with special Unicode characters, said Kaspersky Lab expert David Jacoby.

Facebook claims that changing the profile name can take up to 24 hours and is subject to confirmation. However, in Jacoby's tests the change occurred almost instantly and required only the password. This was also confirmed by a victim whose profile name was modified within five minutes of their account being compromised, he said.

After the victim's profile name and picture get changed, the attackers send out a chat message to all of their contacts informing them that their accounts will be suspended unless they re-confirm their information.

The rogue messages appear to be signed by "The Facebook Team" and contain a link to a phishing page hosted on an external domain. The web page mimics Facebook's design and asks for name, email, password, security question, country, birth date and other information needed to hijack the account.

However, the attack doesn't stop there. According to Jacoby, a second form asks users for their credit card details and billing address. This is somewhat unusual for Facebook phishing attacks, the majority of which target only social networking account information.

"These scams are just getting more popular and we really recommend not giving out personal information, especially not email, password and credit card information over social media," Jacoby said.

Share:

Comments

Advertisement
Advertisement
Send to a friend

Email this article to a friend or colleague:


PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.


ComputerworldUK Knowledge Vault

ComputerworldUK
Share
x
Open
* *