According to several reports on websites such as Computerworld, a new phishing scam is currently in the wild that attempts to steal Facebook login information from users of the social networking site.
Pandalabs, who uncovered the phishing scam, published basic information about the attack but did not go into details. What we do know is that the attack page that users are redirected to looks like the Facebook login page, and that it displays an error message to the user after the account username and password have been entered.
The article mentioned that the fraudulent URL is most likely spread by email but also by Blackhat SEO techniques, which could mean that the attackers have placed the fake website in prominent positions in search engines. This could convince users that they are loading the legitimate Facebook website when in fact they are visiting a website crafted specifically to steal login information.
Pandalabs published in-depth details about a Facebook hacking scam as well. They discovered a website that claimed to hack any Facebook account for $100 payable through Western Union.
A user who wants a Facebook account hacked has to register at the website. The Facebook ID of the account that the user wants hacked needs to be entered into the form on the website, and a script will then pull the username from that account and fake a hacking attempt.
It will then ask the user to pay the $100 before the password to the account will be revealed. A user paying the $100 will not get the password to the account. The money is gone as well, as it is not possible to get it back once it has been sent. Veteran Internet users avoid making payments through these money transfer systems because of this, especially if the recipient is not trusted or known by them.
It is also likely that the login is recorded and tried on various websites to see if the user used the same information on other websites, which in the end could mean that the Facebook account of the user who wanted a Facebook account hacked gets hacked. Oh, the irony.
Check out our Facebook Login article for information on how to avoid falling prey to criminals attacking Facebook.
Generally speaking, it is important to check the full address of the site you are on before you enter any important data on it. Important data includes username and password, but also credit card numbers, social security IDs, and any other form of data that is personal and should not fall into the hands of unauthorized people.
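The address check described above can be made mechanical. The following is an added example, not part of the original article or of any Pandalabs material: it parses a URL the way a browser does and decides whether the host really is facebook.com or one of its subdomains. The function name, the trusted-domain constant and the sample URLs (all using the reserved `.example` domain) are constructed for illustration.

```javascript
// Added example: decide whether a URL really points at the site it claims to be
// before credentials are entered. TRUSTED_DOMAIN is an assumption for this sketch.
const TRUSTED_DOMAIN = "facebook.com";

function checkLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw); // same parser (WHATWG URL) that browsers use
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // "https://www.facebook.com@other.example/" puts the familiar name in the
  // userinfo part; the real host is whatever follows the "@".
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo before @ hides the real host" };
  }
  const host = url.hostname.replace(/\.$/, ""); // lower-cased by the parser
  // Non-ASCII look-alike letters are converted to "xn--" (punycode) labels.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode label, possible look-alike: " + host };
  }
  // Match the registered domain at the END of the host, on a label boundary.
  if (host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN)) {
    return { ok: true, reason: "host is " + host };
  }
  return { ok: false, reason: "host is " + host + ", not " + TRUSTED_DOMAIN };
}

// Constructed sample addresses, one per failure mode.
const SAMPLES = [
  "https://www.facebook.com/login.php",
  "https://facebook.com.login-check.example/login.php",
  "https://www.facebook.com@login-check.example/",
  "https://notfacebook.com/login.php",
  "http://www.facebook.com/login.php",
  "https://f\u0430cebook.com/", // Cyrillic "a" in place of the Latin letter
];

for (const s of SAMPLES) {
  const verdict = checkLoginUrl(s);
  console.log((verdict.ok ? "OK    " : "REJECT") + " " + s + " (" + verdict.reason + ")");
}
```

Only the first sample passes; the others show why reading the address from the right-hand end of the host name matters more than spotting the word "facebook" somewhere in it.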
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.