"Facebook 2013 Demo app" leads to phishing
Posted on 20 December 2012.
The offer of an app that supposedly allows users to view a new version of Facebook is the newest trick employed by phishers to get their hands on the users' login credentials, Symantec warns.

In reality, there is no "Facebook 2013 Demo" app - the page on which the users' are urged to log in has only one goal: record the submitted emails and passwords and sent them to a server controlled by the phishers.

Facebook users who land on the above phishing page are given clear instructions: they should log out of their Facebook account first, then log into this page, and they will be supposedly be able to see the "Facebook 2013" version for the next 24 hours.

The victims who have done what was asked will be immediately disappointed as they will be redirected to the legitimate Facebook login page and be faced with an unchanged look of the social network.

At this point, they will likely suspect something is wrong. Those who do are advised to immediately log into their Facebook account (if they can) and change their password to something long and complex. If they are lucky, the phishers will not have yet used the stolen credentials to hijack the account and use it for spamming their friends.

According to Symantec researchers, the scheme seems mostly directed towards Facebook users in India, as the phishing URL contains certain words in Hindi. They did not mention how the users were tricked into visiting the phishing page, but a Facebook spam campaign is the most likely culprit.


Banks and IT security: The elements of success

Nathan Horn-Mitchem, VP, Information Security Officer at Provident Bank, talks about delivering and maintaining IT security for 80 branches of the bank.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Mar 27th