How a Facebook Phishing Scam Swipes Credit-Card Data
Facebook has become a little less friendly in recent days, as a phishing scam targeting users of the social networking site has resulted in some victims sharing a lot more than their status updates.
Trend Micro over the weekend came across a malware sample, dubbed TSPY_MINOCDO.A, that redirects Facebook traffic to a spoofed "Facebook Security Check" page that asks for sensitive personal data.
At first, the page appears at first to be part of Facebook's security verification process. It even sports the tagline, "Security checks help keep Facebook trustworthy and free of spam."
But it's a Trojan horse in the classic sense. This fake Facebook page does anything but keep users secure.
Instead, it prompts users for their names, addresses, telephone numbers and credit-card information, all in an effort to steal as much data as possible from the user.
Facebook users trying to access their accounts are directed to the spoofed security page by malware they may have unknowingly installed as part of a drive-by download when they visited compromised websites.
So if a user tries to visit "facebook.com" or "www.facebook.com," he is rerouted instead to the fake security page.
Unlike other recent Facebook phishing scams that use fake links to redirect users to fraudulent login pages, this new scam is based on an executable file that places itself in a Windows computer's startup folder, so it's always active.
In other words, the same fake page will be brought up again and again until the malware is deleted from the system. This makes it particularly menacing for systems with multiple users.
To protect yourself from this phishing scam, keep in mind that Facebook and other social networking sites will never ask you to verify your account using credit-card information.
Use caution when downloading files from the Internet, and use security software to keep malware out of your system.