WARNING - Cleverest Facebook scam yet

Sunday, November 27, 2011

'Cleverest Facebook scam yet' accuses users of violating site policy and threatens to delete their account


  • Account holders asked for passwords and financial information
  • Scam mirrors 'real' warnings sent to internet trolls
  • Comes in form of email from site
  • Latest in string of high-profile attacks on Facebook


By Rob Waugh

Last updated at 12:35 PM on 25th November 2011

Facebook: As with most sites, legitimate warnings from the site will come when you attempt to log in, not in unsolicited emails, no matter how convincing they look

'Phishing' scams range from the hilariously inept up to sophisticated attacks that can fool even computer experts.

But a new Facebook email scam is among the cleverer attacks directed at users of the social network - now a commercial hub used to trade music, video and films.

A recent assault designed to steal users' Facebook details is among the most sophisticated yet, say experts - because it mimics the security procedures that sites such as Facebook or Google use to defend against 'internet trolls' and other 'bad behaviour' online.

The scam comes in the form of an email accusing the user of a violation for insulting or annoying another Facebook user - and saying that their account will be deleted in 24 hours.

Naturally, at this point, the email requires Facebook login details and - for 'authentication' purposes - parts of a person's credit card details.

The email links to a fake Account Disabled page, which asks for a large number of personal details, including credit card details.

As the site Hoax-Slayer, which found the email, points out, access to login details enables the scam to travel further and faster, by sending it to new users from trusted friends.

'The emails are entirely bogus,' says internet security experts Sophos. 'They are not coming from Facebook. Social media venues would not request financial information, nor would they request login details.

'Once a criminal has gained access to a victim’s account, they will likely lock out the original account holder by changing account passwords and email addresses. With the credit card information, fraudsters can conduct identity theft and other malicious financial activity.'


Facebook's recent partnerships with music companies such as Spotify and Deezer, as well as games companies such as EA, mean that the site holds a full 'suite' of data that could be used for identity theft

'Last warning: Your account has violated the policies that are considered annoying or insulting to other users'


Hoax-Slayer warned against emails that contain phrases such as 'LAST WARNING: Your acccount is considered to violated the policies that are considered annoying or insulting to Facebook users.'

The fishy smell becomes even stronger at this point - users are asked to 'confirm to their webmail' about the security breach.

A THIRD page, with a fake 'Terms and Conditions' harvests yet more data, along with a series of stern warnings.

By this time, experienced internet users would probably realise that the email was not legitimate - but Facebook's wide user base among the young, the old and people in developing countries means that not everybody might be familiar with such internet scams.

A similar recent Facebook scam purporting to be from Facebook Security claimed to be watching out for users' accounts being accessed from elsewhere - using almost exactly the same vocabulary Google and Facebook use when you DO log in from an unfamiliar location.

Hoax-Slayer reported the email as saying, 'Your Facebook account was recently logged into from a computer, mobile device or other location you've never used before.

We have reviewed your account activity, and we get information about possible unauthorized access to your Facebook. We have provided a warning to you via email'

Sites such as Facebook and Google DO issue warnings about rule violations and unauthorised access, of course, but usually only when people are attempting to log in to the sites.

Any warning of this sort received by email should be treated with extreme caution.

Sophos says, 'These phishing scams boil down to a naked grab for your account details. Remember, neither Facebook nor other reputable social media sites would ask for this information. The mere request is a surefire way to suss out bogosity.
Another bogosity beacon: note the grammatical and spelling errors.'


Read more: http://www.dailymail.co.uk/sciencetech/article-2066083/Cleverest-Facebook-scam-threatens-DELETE-account---unless-hand-details.html#ixzz1euPAld1E