Phishers Use Malware in Fake Facebook App

Phishers Use Malware in Fake Facebook App

Symantec has observed phishers utilising a new tactic to steal Facebook login credentials, but their means of data theft wasn’t phishing alone. Their ploy also used malware for harvesting users’ confidential information. The phishing site spoofed the login page of Facebook and was hosted on a free web hosting site.

Click for big version.

The phishing site boasted an application that would enable users to view a list of people who visited their profile page. The site offered two options to activate the fake app and if users fell victim to the phishing site by entering their login credentials, the phishers would have successfully stolen their private information for criminal purposes.

Internet users are advised to follow best practices to avoid phishing attacks:
-Check the URL in the address bar when logging into your account and make sure it belongs to the website that you want to go to
-Do not click on suspicious links in email messages
-Do not provide any personal information when answering an email
-Do not enter personal information in a pop-up page or window
-Ensure that the website is encrypted with an SSL certificate by looking for the padlock image/icon, “https” or the green address bar when entering personal or financial information
-Use comprehensive security software, such as Norton 360, to protect yourself from phishing scams and social networking scams
-Exercise caution when clicking on enticing links sent through email or posted on social networks

More information is available in this Symantec Security Response blog: http://www.symantec.com/connect/blogs/phishers-use-malware-fake-facebook-app .

ENDS

© Scoop Media