Fake Facebook login page steals credentials, pushes malware
Symantec researchers have recently discovered a phishing site that packs a double whammy: the site asks the user either to log into Facebook or to download an app in order to activate a bogus service that will supposedly let them know who visited their Facebook profile.
Those who opt for the first option and enter their Facebook login credentials have unknowingly allowed their username and password to be sent to the phishers, who will likely use them to hijack the victims’ accounts.
For those who chose the latter option (download), the news could be even worse. The file (WhoViewedMyfacebookProfile.rar) offered for download contains an information-stealing Trojan, which can potentially gather all kinds of confidential information from the victim’s computer – including personal, financial and login information for different online services – and is set to send it to the attacker’s email address.
The researchers have noted that the email address has not been valid for 3 months, so the information gets sent and lost into a virtual black hole of the Internet. Nonetheless, the malware can get updated at any moment, and the email address in question changed to a valid one.
“If users fell victim to the phishing site by entering their login credentials, the phishers would have successfully stolen their information for identity theft purposes,” note the researchers. The phished credentials are, then, obviously sent to servers controlled by the attackers, and not to the aforementioned email address.
The researchers urge social network users to be careful about where they enter their account credentials (always check if the URL is the right one, and do not follow links from unsolicited emails) and what software they download (do not accept software they have not asked for, and be careful when searching for software online – keep to established download sites).