Facebook Fan Page phishing scam aims to hijack accounts

According to Hoax-Slayer, emails purporting to be from Facebook Security claim that a new security feature called the "Fan Page Verification Program" is being implemented at the social network, and that Page owners must click a link and choose a 10-digit security code to complete the process. Recipients are warned that their Page will be suspended permanently if the process is not completed by May 30, 2013.

In reality, of course, the scam designed to trick users into divulging their Facebook user names and passwords.

The messages appeal to the vanity of the intended victim. “After many Fan Pages have been stolen lately leaving us no choice but Deleting them forever, we had to come up with an original solution about the Fan Page's Security,” it reads in characteristically poor hackerese grammar, which should set off alarm bells immediately. It goes on to say, “Luckily, your Fan Page, has a lot of likes and provides High Quality Content, which qualify it for this program.”

The author then goes on to take an illogical tack: “Please be aware that this process it's open only until 30.05.2013 and it's mandatory to complete it. If you don't, your Fan Page will be suspended permanently since it is not considered safe for the wide audience.”

Page owners who fall for the scam and click the link provided will be taken to a bogus Fan Page Verification Program web page, and asked to submit Facebook login details as well as the supposed 10-digit "Transferring Code.” After completing the form and clicking the submit button, a confirmation message will be displayed.

“The supposed Fan Page Verification Program is nothing more than a criminal ruse designed to steal Facebook account details,” said Hoax-Slayer. “Victims will believe that they have successfully completed the procedure and will happily wait for the ‘confirmation,’ email blissfully unaware - at least for a little while - that they have just handed their Facebook Account login details to cybercriminals. Meanwhile, the criminals can use the stolen information to hijack Facebook accounts and Pages and launch further spam and scams campaigns in the names of their victims.”

The researchers said that the phishing scam is “a little more sophisticated than others of its ilk” but is nevertheless similar in intent to a long running series of "Facebook Security" scams that have plagued Facebook users for several years.

Facebook scams have been back in the spotlight lately, with the discovery in March the resurging Facebook Black fraud. The new Black scam directs its victims to a Facebook page promoting Facebook Black, which uses a Google Chrome extension to download two JavaScript files. Those then create a new Facebook page on the victim’s account, which includes an iframe to the page that will redirect users to the Facebook Black landing page. Ultimately though, users who install the Facebook extension will be presented with a set of survey scams, which is how the hackers monetize their activities.

What’s hot on Infosecurity Magazine?