ESET is warning about Facebook hoax scams that spread terror news to trick victims into disclosing their Facebook credentials.
The scam starts with a compromised user account sharing or commenting on the status of a terrorist attack. The victim’s friends are tagged in this comment as well. When a user clicks on this hoax, he or she is redirected to a phishing webpage that request his or her Facebook credentials to proceed to a site with more information about the incident.
If the user enters the credentials (be they genuine or not), they are redirected to another Facebook page.
As with other tragic events – such as the crash of Malaysia Airlines 370, the Boston marathon attack or recent terrorist attacks in Europe – these incidents become an opportunity for criminals to trick victims with social engineering techniques. This scam spreads quickly as Facebook users often share stories without actually reading them.
Facebook has started to block the phishing Facebook pages used in this campaign and ESET security products block phishing websites connected to this scam along with other domains registered to the same person.
In the past week there were 84 domains registered by the same person. Several of them have the Facebook phishing functionality, while others could be used in future for a larger scale attack. After learning that ESET, possibly along with other security vendors block the domains, they move the phishing websites to other newly established domains.
Based on ESET’s research, it is a strong possibility that the crooks behind this campaign are planning other phishing attacks, and Facebook users are therefore urged to pay attention to what they are about to like or share.
To all those who think they might have been tricked into sharing their Facebook credentials, ESET security experts recommend that they change their passwords. And, of course, if you have been using the same password for multiple devices, change the password wherever applicable – and put a stop to the extremely risky practice of password sharing.