Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Facebook chat-based phishing attack impersonates Facebook Security

Phishers modify hijacked Facebook accounts to impersonate the website's security team

A new phishing attack that's spreading through Facebook chat modifies hijacked accounts in order to impersonate the social network's security team.

The attackers replace the profile picture of compromised accounts with the Facebook logo and change their names to a variation of "Facebook Security" written with special Unicode characters, said Kaspersky Lab expert David Jacoby in a blog post.

Facebook claims that changing the profile name can take up to 24 hours and is subject to confirmation. However, in Jacoby's tests the change occurred almost instantly and required only the password. This was also confirmed by a victim whose profile name was modified within 5 minutes of their account being compromised, he said.

After the victim's profile name and picture get changed, the attackers send out a chat message to all of their contacts informing them that their accounts will be suspended unless they re-confirm their information.

The rogue messages appear to be signed by "The Facebook Team" and contain a link to a phishing page hosted on an external domain. The Web page mimics Facebook's design and asks for name, email, password, security question, country, birth date and other information needed to hijack the account.

However, the attack doesn't stop there. According to Jacoby, a second form asks users for their credit card details and billing address. This is somewhat unusual for Facebook phishing attacks, the majority of which target only social networking account information.

"These scams are just getting more popular and we really recommend not giving out personal information, especially not email, password and credit card information over social media," Jacoby said.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: etwork, Facebook, Kaspersky, Kaspersky Lab, Unicode
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Exploits / vulnerabilities, Facebook, Identity fraud / theft, security
Latest Blog Posts
Whitepapers
  • Top 5 Myths of Safe Web Browsing
    There are a lot of misconceptions out there about safe web browsing. You might think you're being safe. But without the facts it’s next to impossible to stay protected against today’s changing threats. In this paper we describe the top five myths of safe web browsing, what the facts really are, and what you can do to stay secure.
    Learn more »
  • Server and Storage Optimization Techniques
    By meeting the requirements to deploy new applications and support a larger number of internal and external customers, IT organizations are facing a space, power, and cooling crunch. Read on.
    Learn more »
  • Unified Monitoring™ A Business Perspective
    The enterprise computing landscape has changed dramatically. Virtualisation, outsourcing, SaaS, and cloud computing are creating fundamental changes, and ushering in an era in which enterprises distribute increasingly critical IT assets and applications across multiple service providers.This paper explores today’s computing trends and their monitoring implications in detail. In addition, it reveals how a new monitoring paradigm architecture, that uniquely addresses the monitoring realities of today’s and tomorrow’s enterprises—whether they rely on internal platforms, external service providers, or a combination of both.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.