Browse archive

Latest news

APT1 is back, attacks many of the initial U.S. corporate targets

Aurora attackers were looking for Google's surveillance database

U.S. DOJ accuses journalist of espionage

A closer look at Mega cloud storage

CISOs need to engage with the board

Wi-Fi client security weaknesses still prevalent

"NATO vacancies" phishing email also leads to malware

Find TrueCrypt and BitLocker encrypted containers and images

Sourcefire goes beyond the sandbox

The CSO perspective on healthcare security and compliance

Jailed hacker designs device to thwart ATM card skimming

U.S. Congress has questions about Google Glass and privacy

Over 45% of IT pros snitch on their colleagues

Hacking charge stations for electric cars

Users targeted with phishing scam via Facebook messages

Posted on 24 January 2013.

Facebook users are advised to be on the lookout for bogus personal messages supposedly sent by the Facebook Security Team.

The message claims that the users' account has been reported for violating "policies that are considered annoying or insulting Facebook users," and that they have to "reconfirm" their account within 24 hours if they don't want it to be disabled.

Users who follow the link, they are taken to a website that has nothing to do with Facebook and are urged to complete the "security check":

Then, step by step and page by page, they are asked to fill out a variety of forms with information such as name, address, date of birth, email, email password, Facebook password, credit card number and type, expiration date, security code, and billing address:

Those users who have fallen for this very thorough phishing scheme will, among other things, get their Facebook accounts hijacked and used to spread the malicious message to their own Facebook friends, GFI notes.