Popular social networking Web site Facebook has been targeted yet again by a new phishing scam. According to security firm Sophos' Naked Security blog, Facebook users have been receiving phishing emails that threaten to delete their Facebook accounts unless they pass along their account details within 24 hours.
The security firm said in an official post that the phishing emails are falsely accusing Facebook users of violating policy regulations by annoying or insulting other Facebook users. The allegations are then followed by a request that asks users for their private Facebook details including login particulars and part of recipients' credit card numbers, the Times of India reported.
Warning users, the blog post said the emails were entirely phony and were not coming from Facebook. Social media venues would not request financial information, nor would they request login details.
According to the blog, a typical phishing scam reads like this:
LAST WARNING : Your account is reported to have violated the policies that are considered annoying or insulting Facebook users. Until we system will disable your account within 24 hours if you do not do the reconfirmation.
Please confirm your account below:
The Facebook Team
Copyright facebook © 2011 Inc. All rights reserved.
Recipients who click the link are presented with a fake Account Disabled Web form that asks for Facebook login details including email, password, Facebook security question, Facebook security answer, the first six digits of the user's credit card number and their country of residence.
Once done with the form, the victims are shown another form titled Confirm to your webmail that asks for their webmail program and password. After completing this one, the victims are taken to a third form labeled Terms of Service. The form again asks for user name and the first six digits of the user's credit card and warns victims that their accounts more or less will be lined up in front of a firing squad and shot at dawn unless they comply. The bogus message says:
If you ignore this warning, then our security system will block your account automatically.
The blog also describes another Facebook scam, purporting to be from Facebook Security, which claims to be looking out for users' accounts being accessed by unauthorized parties. According to the blog, the scam reads like this:
Subject: Did you log into Facebook from somewhere new?
Dear [Username removed]
Your Facebook account was recently logged into from a computer, mobile device or other location you've never used before. We have reviewed your account activity, and we get information about possible unauthorized access to your Facebook. We have provided a warning to you via email, but you do not respond to our notification.
Your account was accessed from a new location : Anonymous Proxy.
If you are not signing into your Facebook account from Anonymous Proxy, your Facebook account may have been compromised. We recommend immediately verify your account by carefully on the link below to protect your Facebook account. It may take a few minutes of your time to complete your data.
Please be sure to visit the Facebook Service Account for further information regarding these security issues.
[link to scam page removed]
Note : If within 12 hours, you have not verified your account, then you have ignored our notifications. Therefore, your account is permanently suspended, and will not be reactivated for any reason.
Facebook Security Team