Facebook video users targeted in phishing campaign
Thu 3 Dec 2015
Following the introduction of its updated video upload and view feature, Facebook has seen an increase in the number of video-related scams and phishing campaigns targeting its unwary users.
Security researcher Malwarebytes has today highlighted a new attack which exploits the popularity of the new video feature, luring Facebook users with the promise of a free ‘Facebook Videos Application.’
Presented with a pop-up window, the user is shown a message reading (in Spanish): ‘Facebook Videos Application (Free) […] Facebook needs to confirm the following information to allow access to this videos application. Login!’
It then asks for the user’s e-mail address or phone number, along with their Facebook password. Once the account details have been entered, the PHP script file on the counterfeit Facebook page processes the data before forwarding it to the attacker.
The researchers also discovered a similar phishing campaign on the fake Facebook site facebookstls[dot]com. In this instance the message reads (again in Spanish): ‘Facebook Video 18+ (VERIFY YOUR AGE) […] Facebook needs to confirm your age to allow access to this video verify your details!’
Scammers are well versed in exploiting popular Facebook features and apps. In September, the much-hyped Dislike addition attracted attackers to the social network. The campaign saw cyber criminals target impatient Facebookers by tricking them into believing that they could click on a link to gain early access to the feature. The malicious link enabled access to users’ private Facebook accounts and allowed hackers to share further scam links with their contacts.
A further scam in the summer baited Indian Facebook users before posting embarrassing porn spamware on their behalf through timelines and private messages.
Security experts advise that those affected by these attacks should change their social network credentials, remove any suspicious extensions from their web browsers and delete any unnecessary applications.