Thursday, 24 November 2011

Facebook scam threatens to delete your account


A new Facebook phishing scheme is about as nasty as they come: The perpetrators threaten to delete users' Facebook accounts unless they hand over various account details within 24 hours. While some of you might welcome such a deletion, most of us would not. Sophos Security is warning about the scheme, which was shared on Hoax-Slayer.
Facebook users may get emails that purport to be from Facebook, saying that the user is violating the social network's policy regulations by annoying or insulting other Facebook users. And, the email says, unless certain personal and financial information (including credit card numbers) is submitted within 24 hours, the user's account will be done away with.

"The emails are entirely bogus," says Lisa Vaas on Sophos' Naked Security blog. "The scams are, in fact, designed to steal credit card numbers and social media accounts, likely in order to further spread scams and bilk victims."
As pointed out by Hoax-Slayer, scammers can use the ill-gotten information to hijack a user’s Facebook account. Then, posing as the account holder, the criminals can send out more scam messages and spam to a victim’s Facebook friends, bolstered by the trust users place in their friends.
Once a criminal has gained access to a victim’s account, they will likely lock out the original account holder by changing account passwords and email addresses. With the credit card information, fraudsters can conduct identity theft and other malicious financial activity.
Hoax-Slayer warns users not to click on any links in the email itself. "Those who fall for the ruse and click the link will be first taken to a fake Facebook 'Account Disabled' web form that asks them to provide Facebook login details and part of their credit card number."
"Once the victim has completed this bogus form, he or she is then taken to a second fake form that asks for webmail login details," Hoax-Slayer notes. Then, once that info is provided, the user "is taken to a third bogus form that asks for a username and — again — the first 6 digits of the user's credit card number."
As Facebook itself says on its security page:
Spammers and scammers sometimes send phony emails that have been made to look like they’re from Facebook or another reputable website. These emails can be very convincing, and the “From:” field can even be spoofed to include “Facebook” or “The Facebook Team.”
If an email looks strange, don’t click on any of the links in it, and delete it from your inbox immediately. Be especially wary of emails that ask you to update your account, tell you to open an attachment, or warn you to take some other urgent action.
"All these phishing scams boil down to a naked grab for your account details," wrote Vaas. "Remember, neither Facebook nor other reputable social media sites would ask for this information. The mere request is a surefire way to suss out bogosity."
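The warning signs described above (a Facebook display name on an unrelated sender address, a 24-hour deletion threat, a request for login or card details, and a link that leads off Facebook) can be checked mechanically. The following is an added example, not code from Sophos, Hoax-Slayer or Facebook; the trusted-domain list, the indicator names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains accepted as genuine Facebook senders and link targets.
TRUSTED = {"facebook.com", "facebookmail.com"}
URGENCY = re.compile(r"within\s+\d+\s*hours?|will be (deleted|disabled)", re.I)
SENSITIVE = re.compile(r"credit card|card number|password|login details", re.I)
LINK = re.compile(r"https?://([^/\s\"'<>]+)", re.I)

def trusted(host):
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def triage(raw):
    """Return the phishing indicators found in one raw e-mail message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    body = "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_maintype() == "text")
    text = msg.get("Subject", "") + "\n" + body
    hits = []
    # Display name claims Facebook but the address is on another domain.
    if "facebook" in name.lower() and not trusted(addr.rpartition("@")[2]):
        hits.append("display-name-spoof")
    if URGENCY.search(text):
        hits.append("urgent-deadline")
    if SENSITIVE.search(text):
        hits.append("asks-for-credentials-or-card")
    # Drop any userinfo ("user@") and port before comparing the link host.
    hosts = [h.rpartition("@")[2].split(":")[0] for h in LINK.findall(text)]
    if any(not trusted(h) for h in hosts):
        hits.append("link-off-domain")
    return hits

# Constructed samples (not real messages); .example domains are placeholders.
PHISH = """\
From: "The Facebook Team" <notice@account-review.example>
Subject: Your account will be deleted

You are violating policy regulations by annoying or insulting other users.
Submit your login details and credit card number within 24 hours at
http://account-review.example/disabled or your account will be deleted.
"""
BENIGN = """\
From: "Facebook" <notification@facebookmail.com>
Subject: You have a new friend request

View the request at https://www.facebook.com/friends
"""

if __name__ == "__main__":
    print(triage(PHISH))
    print(triage(BENIGN))
```

An empty result is not proof that a message is genuine, because the sender address itself can be forged as well as the display name.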
