Facebook Phishing Scam Using Pornographic Images to Steal Login Data
A Facebook phishing scam is stealing login credentials by using pornographic images — Scammers are using Facebook groups to spread their campaign!

There is no way to stop cyber criminals from stealing login credentials of innocent social media users — Recently, one of the HackRead’s writers found a Facebook phishing scam targeting users and stealing their login data. What makes this phishing scam dangerous is the fact that apparently non of the phishing filters have detected any wrongdoing with the links used in this campaign.

Cyber criminals behind this scam have three motives one is to steal users’ login credentials, the second is to get some likes on their Facebook page and third is to profit financially. It starts with scammers posting a link in the comments section of several Facebook groups with a large thumbnail of a nude girl but to make it look like a legit link scammers also mention that video already got hundreds of comments, shares plus thousands of views. The description on the link goes something like this ”groups teen-girl-japannese-18-[retracted]–010 Click HERE to view video recorded 2.381 Likes, 749 Comments, 9.185 Views, 571 Share.”

This scam is similar to the recently reported ”Facebook comment tagging malware scam”. Here are two images we collected from the original post showing a play button tricking users into playing a video which is actually phishing link:

Must Read: Facebook Users Hit with ‘irregularities of content’ Phishing Scam

Facebook-phishing-scam-in-groups-6
If you see such images don’t click on them

Upon clicking the so-called play button an automatic tab opens on user’s browser asking them to login with their Facebook login email or phone and password. Upon logging in; the user becomes a victim with their email and password being sent to the cyber criminal meanwhile they are being redirected to an online survey website asking them a bunch of question and eventually congratulating them on completing the survey.

Facebook-phishing-scam-in-groups1-5
Here is an example screenshot we took from the actually phishing link asking users for their email or phone number and password

In some cases, users are redirected to another website which downloads fake version of flash player on their device. It’s still unclear if the downloaded file is infected with a malware or adware, in both cases, users have everything to lose.

Screen Shot 2016-07-26 at 10.52.08 PM


Must Read: Latest Facebook Phishing Scam Steals Login Data Using ‘Account Violation’ Policy

Good News:

Good news is that if you are using Google Chrome; it already prevents users from accessing the site hosting this scam however scammers are smart and they are already using other domains to run this scam and at the time of publishing this article; Chrome didn’t show any warnings whatsoever.

Facebook-phishing-scam-in-groups-5

So be careful, it is recommended to login to Facebook through an official App or by entering the address into the browser’s address bar instead of clicking links.

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.