The latest addition to the Facebook phishing schemes looks realistic enough to convince users that their account will be deleted unless they hand over various account details within 24 hours. The details are requested across three forms, which users are asked to fill in.
Sophos Security is warning about the scheme, which was shared on Hoax-Slayer. The scheme may already have collected a number of users' details and may continue to target many more. Users receive emails, purporting to come from the Facebook team, claiming that they are violating the social network’s policy regulations by annoying or insulting other Facebook users. The emails go further, stating that the user’s account will be deleted unless certain personal and financial information (including credit card numbers) is provided within 24 hours.
Lisa Vaas, writing on Sophos’ Naked Security blog, said, “The emails are entirely bogus.” She continued, “The scams are, in fact, designed to steal credit card numbers and social media accounts, likely in order to further spread scams and bilk victims.”
Their detailed note reads as follows:
As pointed out by Hoax-Slayer, scammers can use the ill-gotten information to hijack a user’s Facebook account. Then, posing as the account holder, the criminals can send out more scam messages and spam to a victim’s Facebook friends, bolstered by the trust users place in their friends.
Once a criminal has gained access to a victim’s account, they will likely lock out the original account holder by changing account passwords and email addresses. With the credit card information, fraudsters can conduct identity theft and other malicious financial activity.
Hoax-Slayer goes further, warning users not to click on any link in such emails. It noted, “Those who fall for the ruse and click the link will be first taken to a fake Facebook ‘Account Disabled’ web form that asks them to provide Facebook login details and part of their credit card number.” An example of the fake form is shown below:
Hoax-Slayer further noted, “Once the victim has completed this bogus form, he or she is then taken to a second fake form that asks for webmail login details.” It does not end there. Once the second form is completed, the user “is taken to a third bogus form that asks for a username and — again — the first 6 digits of the user’s credit card number.”
Facebook does not resort to such practices, a point also made on its security page, which reads:
Spammers and scammers sometimes send phony emails that have been made to look like they’re from Facebook or another reputable website. These emails can be very convincing, and the “From:” field can even be spoofed to include “Facebook” or “The Facebook Team.”
If an email looks strange, don’t click on any of the links in it, and delete it from your inbox immediately. Be especially wary of emails that ask you to update your account, tell you to open an attachment, or warn you to take some other urgent action.