Just when the dust over the recent wave of 'spam attack' on Facebook showed signs of settling down, the 800 million user social network is in the news, yet again. An official post on Sophos's Naked Security blog confirmed that Facebook users have been receiving phishing emails threatening that unless they part with their private Facebook details within 24 hours, their accounts will be deleted.
The post states that several Facebook users have been receiving phishing emails falsely accusing them of violating Facebook policy regulations by annoying or insulting their fellow Facebook users. The allegations are then followed by a request to the user asking them to part with their private Facebook details, like their Facebook login details and a part of their credit card numbers. While it is pretty clear that such mails are not from Facebook, several gullible users may fall prey to this, which is a horrifying thought.
Needless to say, the miscreants here are trying to make away with the user's credit card details and private Facebook account details, and then use the same information (the Facebook account details) to further spread the spam, thus making it a vicious circle. While the effects of a miscreant gaining someone's credit card details need no elaboration, losing your Facebook account details could virtually lock you out of your account.
According to a post on Hoax-Slayer, a typical spam phishing mail will read something like this:
LAST WARNING : Your account is reported to have violated the policies that are considered annoying or insulting Facebook users. Until we system will disable your account within 24 hours if you do not do the reconfirmation.
Please confirm your account below:
The Facebook Team
Copyright facebook © 2011 Inc. All rights reserved.
Subject: Did you log into Facebook from somewhere new?
Dear [Username removed]
Your Facebook account was recently logged into from a computer, mobile device or other location you've never used before. We have reviewed your account activity, and we get information about possible unauthorized access to your Facebook. We have provided a warning to you via email, but you do not respond to our notification.
“Your account was accessed from a new location : Anonymous Proxy.”
If you are not signing into your Facebook account from “Anonymous Proxy”, your Facebook account may have been compromised. We recommend immediately verify your account by carefully on the link below to protect your Facebook account. It may take a few minutes of your time to complete your data.
Please be sure to visit the Facebook Service Account for further information regarding these security issues.
[link to scam page removed]
Note : If within 12 hours, you have not verified your account, then you have ignored our notifications. Therefore, your account is permanently suspended, and will not be reactivated for any reason.
Facebook Security Team
Users unaware of the intentions of such mails end up clicking the link given below “Please confirm your account below”. On clicking the link, users are shown the fake form below, titled “Account Disabled”, in which the user is asked to enter their Facebook login details including email, password, Facebook security question, Facebook security answer, the first six digits of their credit card number, and their country of residence.
The bogus “Account Disabled” form (Image credit: Hoax Slayer)
On filling the form, a “Confirm to your webmail” page is displayed, which requests the user to enter their webmail username and password.
The bogus “Confirm to your webmail” page (Image credit: Hoax Slayer)
Finally, the user is taken to the third and final bogus form. This one is labeled “Terms of Service” and is the scariest part. Here, the user is asked to reveal their username and the first six digits of their credit card.
The bogus “Payment page” (Image credit: Hoax Slayer)
Users need to be strictly wary of such bogus emails, and should also bear in mind that Facebook will never ask them to part with details as private as their credit card numbers, usernames or passwords.