“This Facebook phishing attack is pretty interesting because it does not just try to trick the victim into visiting a phishing Web site. It will reuse the stolen information and log in to the compromised account and change both profile picture and name,” writes David Jacoby, a Kaspersky Lab Expert, in a blog post.
“The profile picture will be changed to the Facebook logo and the name will be translated to ‘Facebook Security’,” he wrote. This scam works by infecting your Facebook account. Afterwards, the virus/app changes your profile picture to the Facebook logo and begins to message all of your friends. Because no one is expecting “Facebook” to be messaging them, they can easily fall for this kind of scam.
The link redirects to a Web site that is made to look like a Facebook page and it prompts the visitor to provide name, e-mail, password, security question, e-mail account password, country and birth date, the blog post says. After that information is provided, another page appears with a heading “Payment Verification” that asks for the first six digits of the person’s credit card. A subsequent page then asks the visitor to verify the information by providing the full credit card number, expiration date and security code as well as billing address, Jacoby wrote.
Protecting the people who use Facebook from spam and malicious content is a top priority for us. We have spent several years developing protections to stop spam from spreading and have sought to cooperate with other industry leaders to keep users and their data safe. We’ve built enforcement mechanisms to quickly shut down malicious Pages, accounts and applications that attempt to spread spam by deceiving users or by exploiting several well-known browser vulnerabilities. We have also enrolled those impacted by spam through checkpoints so they can remediate their accounts and learn how to better protect themselves while on Facebook. Beyond these protections, we’ve put in place backend measures to reduce the rate of these attacks and will continue to iterate on our defenses to find new ways to protect people.
In addition to the engineering teams that build tools to block spam, we also have a dedicated enforcement team that seeks to identify those responsible for spam and works with our legal team to ensure appropriate consequences follow.
As always, we advise people not to click on links in strange messages, even if those messages have been sent or posted by friends. This tip and many more can be found on our Facebook Security Page (http://www.facebook.com/security), which is followed by over four million people.
Read more at Cnet


