Pandalabs did release in depth details about a Facebook hacking scam as well. They discovered a website which claimed to hack any Facebook account for $100 payable through Western Union. A user who wants a Facebook account hacked has to register at the website. The Facebook Id of the account that the user wants hacked needs to be entered into the form on the website. A script will then pull the username from that account and mimic a hacking attempt.

It will then ask the user to pay the $100 before the password to the account will be revealed. A user paying the $100 will not get the password to the account. The money is gone as well as it is not possible to get it back once it was send. Veteran Internet users therefor avoid making payments through these money transfer systems.

It is also likely that the login data is recorded and tried on various websites to see if the user did use the same login data on other websites which in the end could mean that the Facebook account of the user who wanted a Facebook account hacked got hacked. Oh, the irony.

Check out our Facebook Login article for pointers on how to avoid falling pray to criminals attacking Facebook.

Trend Micro are reporting about yet another Facebook phishing attack that is currently in the wild. The attack begins – like most phishing attacks – by mass mailing potential Facebook users informing them that they need to update their Facebook login credentials. A link is offered in that email and if they follow that link they land on a website that looks like Facebook. What’s interesting here is that the email address field of the Facebook login form is already filled out so that the Facebook user only needs to enter the Facebook password to complete the process.

A click on the login button will open a new page that contains a link to an update tool which installs a trojan on the user’s system.

It attempts to access a Web site to download a file which contains information where the Trojan can download an updated copy of itself, and where to send its stolen data. This configuration file also contains a list of targeted bank-related Web sites from which it steals information. Note that the contents of the file, hence the list of Web sites to monitor, may change any time.

It attempts to steal sensitive online banking information, such as user names and passwords. This routine risks the exposure of the user’s account information, which may then lead to the unauthorized use of the stolen data.

The blog post contains security tips on how to distinguish legit from phishing emails. Users who are interested in those can visit the blog post but the most important lesson once again is to avoid clicking on links that are send via email.

One option would be to request a password reset directly at Facebook. The option is available on the Facebook login page and requires only the email address that the user registered the Facebook account with. This usually should solve the problem of not being able to log into Facebook.

A superior solution to this is to use a password manager like Last Pass to store the Facebook account information. Last Pass can automatically fill out the form at the Facebook login page and log the user into the social networking website without interaction at all. Last Pass is currently available for several popular web browsers including Mozilla Firefox, Google Chrome and Internet Explorer.

Facebook support contains a Facebook login and password help page that addresses several questions that Facebook users might have about the login process. This includes

• I can’t log in to Facebook.
• I want to change my password.
• My account was hacked or “phished.”
• I want to change my login email address or add a new contact email address.
• I want to sign up for an account. I’m experiencing issues registering for an account.
• There is a yellow banner prompting me to confirm my account.
• I have questions about the “Keep me logged in” option.
• Bugs and known problems.

You can visit the support page here.