As this year starts off fresh, cybercriminals have dusted off their social networking fishing hooks and aimed them at Facebook users, baiting them with fake 'Security Team' messages that include links to phishing sites designed to steal login usernames and passwords.
In what appears to be the very first mass-scale scheme conducted by cybercrooks on Facebook this year, a bogus Facebook Security Team account informs potential victims that the 'Security Team Has Suspended Your Page'. The message contains a link to supposedly 'verify your account', which, if clicked, redirects the user to a malicious site designed to obtain usernames and passwords. One of the sites in particular was identified as utilizing an app within Facebook to ask for login information, as shown in Figure 1 below. The 3rd party app has since been shut down, but it could remain an issue for those who may have given up their logins and passwords.
Figure 1. Example of a fake Facebook Verification Page using phishing techniques to obtain login credentials.
The complete fake Facebook Security Team message reads: 'We have reviewed the suspension of your Page. After reviewing your page activity, it was determined that you were in violation of our Terms of Service. We have provided a warning to you via email, but you have not responded to our notifications. Therefore, your account might be permanently suspended.'
The message actually has nothing to do with Facebook's security team or the violation of any terms of service. Those who give in to the message and relinquish their login credentials will unknowingly hand over access to their Facebook account to the hackers behind this attack.
This exploitation and phishing scheme was put on hold when Facebook got wind of it appearing on members' walls. The legitimate Facebook Help Center has provided a link to secure a Facebook account in the event that a user suspects that their account has been hacked and is sending out this malicious message.
With Facebook having well over 1 billion users, hackers have a large audience at their disposal to target with roguish scams. Phishing scams on Facebook are nothing new under the sun, and as new scams surface during 2013, we should all educate ourselves on some of the top phishing scams used on social networks. Additionally, it is always a good idea to keep your anti-virus or anti-spyware software updated to ward off potential malware infections and other common threats encountered on social networks like Facebook.