By Adam Lapay, SOC Analyst
In an article from Kaspersky Lab posted 1/13/12, David Jacoby reports that a new, dangerous and extra-crafty phishing scam is propagating through Facebook. Phishing is a method of obtaining usernames, passwords and credit card information by tricking unsuspecting users into entering this information into an illegitimate, fake website that appears nearly identical to the legitimate one. This particular “Last Warning” phishing attempt is a perfect example of one that attempts to steal all of the above.
This particular phishing attack is unique and raises much concern because of its worm-like behavior: instead of merely logging unsuspecting victims' credentials and/or credit card information on the phishing site, it attempts to propagate itself from each compromised account in order to “infect and hijack” other Facebook accounts.
The first module of this phishing scam starts once an account has taken the bait and its password has been compromised. Using the password the victim provided, the attacker logs into the phished account, changes its name to “Facebook Security” and swaps the profile picture for the Facebook logo. Facebook normally blocks any attempt to change a username to “Facebook” or “Security”; in this case, however, the name is spelled with special look-alike characters in place of some of the ordinary letters, so it bypasses the blocking security measure.
If you carefully examine “Facebook Security” you’ll notice that the a, k, s and t are slightly off!
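The name-change bypass above works because a block list that compares raw strings never sees the word “Facebook” when some of its letters have been swapped for look-alikes from another script. The following is an added example (not code from the original post, Kaspersky or Facebook) of how a defender would harden such a check: fold the display name to the plain Latin letters it imitates before comparing it against the block list, and flag names that mix scripts for review. The block list, the small confusables table and the spoofed sample name are all constructed for this example; the post does not say which exact characters the scammers used, so the Cyrillic substitutions below are an assumption.

```python
import unicodedata

# Constructed block list: words the platform refuses in display names when
# they are spelled with ordinary Latin letters. The real list is not public.
BLOCKED_WORDS = {"facebook", "security"}

# Constructed, deliberately small homoglyph table: look-alike code point -> the
# Latin letter it imitates. A production check would use the full Unicode
# confusables data (UTS #39) rather than a hand-written subset like this one.
CONFUSABLES = {
    "\u0430": "a",  # Cyrillic small letter a
    "\u0435": "e",  # Cyrillic small letter ie
    "\u043e": "o",  # Cyrillic small letter o
    "\u0440": "p",  # Cyrillic small letter er
    "\u0441": "c",  # Cyrillic small letter es
    "\u0443": "y",  # Cyrillic small letter u
    "\u0445": "x",  # Cyrillic small letter ha
    "\u043a": "k",  # Cyrillic small letter ka
    "\u0455": "s",  # Cyrillic small letter dze
    "\u0456": "i",  # Cyrillic small letter byelorussian-ukrainian i
    "\u0442": "t",  # Cyrillic small letter te (resemblance is font-dependent)
    "\u03bf": "o",  # Greek small letter omicron
}

# Constructed sample: "Facebook Security" with the a, k, s and t replaced by
# Cyrillic look-alikes, mirroring the post's observation that those four
# letters were "slightly off". Which characters the real scam used is unknown.
SPOOFED_NAME = "F\u0430ceboo\u043a \u0455ecuri\u0442y"


def naive_check(name: str) -> bool:
    """The kind of check the post describes being bypassed: it compares the raw
    text against the block list, so any look-alike letter defeats it."""
    return any(word in BLOCKED_WORDS for word in name.casefold().split())


def skeleton(name: str) -> str:
    """Reduce a display name to the plain Latin letters it is trying to look like.
    NFKC folds full-width and styled letters (e.g. 'Ｆ') to 'F'; the confusables
    table then folds look-alikes from other scripts; casefold handles case."""
    folded = unicodedata.normalize("NFKC", name)
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded).casefold()


def scripts_used(name: str) -> set:
    """Return the set of scripts (first word of the Unicode character name, e.g.
    LATIN, CYRILLIC) found among the alphabetic characters of a name."""
    folded = unicodedata.normalize("NFKC", name)
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in folded if ch.isalpha()}


def check_display_name(name: str) -> dict:
    """Hardened check: match the block list against the skeleton instead of the
    raw string, and report mixed-script names as a secondary signal.
    verdict is 'reject' on a block-list hit, 'review' for mixed scripts with no
    hit (legitimate names can mix scripts, so that alone is not a rejection),
    and 'allow' otherwise."""
    hits = [word for word in skeleton(name).split() if word in BLOCKED_WORDS]
    scripts = scripts_used(name)
    if hits:
        verdict = "reject"
    elif len(scripts) > 1:
        verdict = "review"
    else:
        verdict = "allow"
    return {"verdict": verdict, "hits": hits, "scripts": sorted(scripts)}


if __name__ == "__main__":
    for candidate in ["Facebook Security", SPOOFED_NAME, "Ｆａｃｅｂｏｏｋ Help", "John Smith"]:
        print(repr(candidate), "naive blocks:", naive_check(candidate),
              "hardened:", check_display_name(candidate))
```

Run as a script, the spoofed name passes the naive check but is rejected by the hardened one, with both block-list words recovered from its skeleton and both LATIN and CYRILLIC reported among its scripts; the full-width spelling is caught by NFKC normalization alone. The skeleton approach is what matters here: normalizing before comparing, rather than growing the block list with every spelling variant.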
It then proceeds to send this message to everyone on the compromised account's contact list, repeating the entire cycle. It states:
“Last Warning: Your Facebook account will be turned off Because someone has reported you. Please do re-confirm your account security by: [URL REMOVED] Thank you. The Facebook Team”
Here is the second, scarier part of the phishing module. The link redirects to a site that appears similar to Facebook and asks for a lot of sensitive information, which, if filled out, completely compromises the victim's Facebook account as well as the email account used to log into Facebook.
The second module then takes you even further and asks you for the first 6 digits of your credit card:
And the last part of this phishing scam comes right out with it and asks you for ALL of your credit card information, right down to the last detail:
In conclusion, you can see that this particular phishing scam is pretty scary. If someone fills these forms out in their entirety, the scammer has every bit of information they need, as well as the victim's entire list of Facebook friends, each of whom could potentially be compromised next. What’s the best way to avoid this? As a general practice, never give out your email and password, and if you must give credit card information, always make sure it's encrypted and sent over a secure “https://” connection.