Facebook users are being lured into giving up their credentials in response to alarming messages about terror incidents and celebrity deaths.
In one campaign, detailed by We Live Security, Facebook users in the Czech Republic saw alerts in their news feed about a “deadly attack in Prague.” The scam begins when an already compromised account tags the target in a comment. Clicking the link leads to a phishing page, hosted outside Facebook, that demands Facebook login credentials before it will show “further news” on the incident. Once the credentials are submitted, the victim is redirected to another bogus Facebook page, which masks the theft.
“Scam campaigns, if designed to be emotionally appealing, fare surprisingly well because of our unfortunate behavior,” Lukáš Štefanko, a malware researcher at ESET, wrote in the post.
Once news coverage exposed the Czech campaign, the operators shifted to neighboring Slovakia and repeated the scam in Slovak.
Štefanko said the same registrant had set up 84 domains in the past few weeks. Some already host Facebook phishing pages; others, he warned, may be held in reserve for larger attacks later.
Meanwhile, another campaign, reported in a Malwarebytes Labs blog post, uses a similar strategy to harvest Facebook credentials, but the lure is a celebrity death, specifically a bogus report of the death of Jaden Smith, son of actor Will Smith.
Here the link sends users either to ads that may carry malvertising, or to a video that, when clicked, lands on a page imitating an online video service. To play the video, which supposedly contains more news, users must enter their Facebook credentials.
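Both campaigns share one mechanic: a Facebook-branded login form served from a host that Facebook does not own. The following triage script is an added example, not code from this article, ESET, or Malwarebytes. It applies a few cheap heuristics to URLs pulled from, say, a proxy log: brand name in a non-Facebook host, a userinfo trick such as `https://www.facebook.com@evil.example/`, a punycode label, or a login-style path. The list of legitimate suffixes and all sample URLs are assumptions constructed for the example; none are the domains from the campaigns described above.

```python
from urllib.parse import urlparse

# Domains whose subdomains may legitimately present a Facebook login.
# Assumption for this example: a real deployment would carry the full
# set of Facebook-owned domains.
LEGIT_SUFFIXES = ("facebook.com", "fb.com", "messenger.com")

# Path or query fragments typical of credential-harvesting pages.
LOGIN_HINTS = ("login", "signin", "checkpoint", "recover")


def is_legit_host(host):
    """True if host is one of LEGIT_SUFFIXES or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in LEGIT_SUFFIXES)


def phishing_indicators(url):
    """Return the reasons a URL looks like a Facebook credential lure.

    An empty list means the URL points at a Facebook-owned host or shows
    none of the indicators. These are triage heuristics, not proof.
    """
    parts = urlparse(url)
    host = (parts.hostname or "").lower()
    if not host:
        return ["no hostname"]
    if is_legit_host(host):
        return []

    reasons = []
    if "@" in parts.netloc:
        # https://www.facebook.com@evil.example/ : everything before the
        # last "@" is userinfo; urlparse correctly reports evil.example.
        reasons.append("userinfo before host")
    if "facebook" in host or host.startswith("fb") or ".fb" in host:
        reasons.append("brand name in non-Facebook host")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label")
    path_q = (parts.path + "?" + parts.query).lower()
    if "facebook" in path_q:
        reasons.append("brand name in path or query")
    if any(h in path_q for h in LOGIN_HINTS):
        reasons.append("login-style path on non-Facebook host")
    return reasons


def triage(urls):
    """Return {url: reasons} for every URL that raised at least one indicator."""
    hits = {}
    for url in urls:
        reasons = phishing_indicators(url)
        if reasons:
            hits[url] = reasons
    return hits


# Constructed sample URLs; the .example hosts are placeholders, not real sites.
SAMPLE_URLS = [
    "https://www.facebook.com/login/",                      # legitimate
    "https://m.facebook.com/story.php?id=1",                # legitimate
    "https://facebook-news-alert.example/login.php",        # brand in host, login path
    "https://www.facebook.com@video-player.example/watch",  # userinfo trick
    "https://video-player.example/watch?ref=facebook",      # brand only in query
    "https://xn--fcebook-8va.example/",                     # punycode label (constructed)
]

if __name__ == "__main__":
    for url, reasons in triage(SAMPLE_URLS).items():
        print(url, "->", ", ".join(reasons))
```

Run the file to see only the four suspicious URLs listed; the two genuine facebook.com URLs are skipped by the suffix check, which is deliberately applied before any heuristic so that legitimate Facebook paths containing “login” do not raise alerts.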
Whether the hook is a shocking report of a terrorist attack or a headline that plays on viewers’ sympathies, these social engineering tactics are not new. Experts advise users to treat sensational news alerts with suspicion, and in particular to be wary of any page that demands a Facebook login before showing “more.”
Anyone who believes their Facebook account may have been compromised by one of these ploys should change their Facebook password, and the password on any other account that reuses the same credentials.
Morgan Slain, CEO of SplashData, a Los Gatos, Calif.-based provider of security applications and services, told SCMagazine.com that he always recommends that people tighten their Facebook security and privacy settings. Primarily, he suggested restricting post visibility to “Friends” in the privacy settings and enabling two-factor authentication under Login Approvals.