Cyber criminals are targeting innocent Facebook users with yet another phishing scam. This time it’s quite a sophisticated one, so watch out!
Last week, HackRead informed users around the world about the ‘Account Violation’ Policy phishing scam that was circulating on Facebook, which compelled users to send their login credentials to the attackers. Now another scam is targeting users of the social network and stealing their login data.
The secret of a phishing attack lies in its fabricated authenticity: it is a sham that seems convincing, and that is how it traps you. One such phishing scam has recently been uncovered by Barracuda security researchers.
Remember, Facebook never sends messages to users’ inboxes
The big target is none other than Facebook. The new phishing technique appears as a command message on the notifications board: users are sent messages in their inbox containing a malicious link, claiming that someone has reported content irregularities on their Facebook account. This is of course not true; it is just a trick to get you to click the link and send all your login data to the crooks behind the scam.
How it acts and how to detect:
It uses a shortened URL instead of the regular full-length URL.
The message reads like gibberish as it goes on about a violation of the TOS and content abnormalities.
It employs intimidating language signifying extreme action.
It then demands verification of contact information and thanks the customer for improving feedback and teamwork.
It shows up as a notification and not as a text message; Facebook notifications also specify shares or mentions by a different user.
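The traits listed above can be combined into a simple triage heuristic for reported messages. This is an added example, not code from HackRead or Barracuda; the shortener hosts, phrase patterns, threshold and sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: a small sample of well-known URL-shortener hosts; the article names none.
SHORTENER_HOSTS = {"bit.ly", "goo.gl", "tinyurl.com", "t.co", "ow.ly", "is.gd"}

# Assumption: illustrative phrase patterns, one per trait in the article's checklist.
INDICATORS = {
    "policy_violation": r"\b(terms of service|tos|violat\w+|irregularit\w+|abnormalit\w+)\b",
    "threat": r"\b(permanently|disabled|suspend\w*|deactivat\w+|within \d+ hours)\b",
    "verify_demand": r"\b(verify|confirm|re-?enter)\b.{0,40}\b(account|contact|information|details|password)\b",
    "generic_greeting": r"\bdear (customer|user)\b",
}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def shortened_urls(text):
    """Return the URLs in text whose host is a known shortener."""
    hits = []
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if host.startswith("www."):
            host = host[4:]
        if host in SHORTENER_HOSTS:
            hits.append(url)
    return hits


def triage(text):
    """Return the sorted list of checklist traits found in a message."""
    found = [name for name, pat in INDICATORS.items()
             if re.search(pat, text, re.IGNORECASE | re.DOTALL)]
    if shortened_urls(text):
        found.append("shortened_url")
    return sorted(found)


def is_suspicious(text, threshold=3):
    """Flag a message when several traits co-occur; one alone is weak evidence."""
    return len(triage(text)) >= threshold


# Constructed samples, not real messages.
LURE = ("Dear customer, your page was reported for content irregularities that "
        "violate our Terms of Service. Your account will be permanently disabled. "
        "Verify your contact information here: http://bit.ly/EXAMPLE")
BENIGN = "Alice mentioned you in a comment: see https://www.facebook.com/example/posts/1"
```

Requiring several traits at once keeps ordinary notifications that happen to contain a link or the word "verify" from being flagged.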
The Barracuda blog post elaborates:
This is a smooth trap which looks like a compliance message sent by Facebook, complete with the Facebook name and logo. Sometimes, it seems like a direct message that refers to customers as “Dear customer” to take you off guard.
How phishing works:
The key aim of the phishing scam is theft of Facebook identities: it cons users into verifying their account details. A successful phishing attack leaves your Facebook account vulnerable to hijacking; not only that, it also puts you at risk of data theft on many broader levels. The attacker may even misuse the personal account information against Facebook webpage administrators. These webpage managers are more at risk than anyone else, and this may give rise to further spear-phishing attacks.
The researchers further warn users not to respond to any threatening command issued as a notification. As soon as you encounter this con, you must immediately report the activity to Facebook.