Part of any aspiring entrepreneur\\\'s marketing arsenal is using Facebook to promote their business and engage customers. While Facebook is easy to use there are also threats to watch out for like a new form of phishing that tries to steal not just Facebook credentials but also credit card information.
[related|post]“This Facebook phishing attack is pretty interesting because it does not just try to trick the victim into visiting a phishing website,” says Kaspersky Lab security expert David Jacoby. “It will reuse the stolen information and login to the compromised account and change both profile picture and name. The profile picture will be changed to the Facebook logo and the name will be translated to “Facebook Security” but containing special ASCII characters replacing letters such as “a” “k” “S” and “t”,” Jacoby explained. Kaspersky Lab is a leading developer of secure content and threat management solutions.
Once an account is compromised it will also send out a message to all contacts of the compromised account. The message looks like this:
"Last Warning: Your Facebook account will be turned off Because someone has reported you. Please do re-confirm your account security by: => http://apps-xxxx-xxxxx-user.de.vu
Thank you. The Facebook Team"/
When a victim clicks on the link, he will be redirected to a website that looks and feels like Facebook’s own website. The fake Facebook site then asks the victim to provide personal information such as name, email address, password, webmail system, among others.
When submitting this form, the details will be sent to the attacker who can automatically login to your Facebook account and compromise it.
After filling up these details, the victim will be asked for final identity confirmation with a payment and by having the person give his or her credit card information.