Facebook "Free Mobile Recharge" scam hijacks accounts
Posted on 18 January 2012.
A phishing and survey scam rolled into one is currently targeting Facebook users and ends up hijacking their accounts and making it difficult for users to get them back, warns a McAfee researcher.

The victims are lured with messages seemingly posted by their friends claiming that they have received a "100rs free recharge". Following the offered link, they land to a page asking them to enter their Facebook login credentials in order to get it:


Once the account details are entered and the "Log In" button is pressed, the page redirects users to a page mimicking a Facebook one, which asks the user to complete a survey or to in order to unlock the recharge option.

In the background, the page sends the recorded login credentials - in clear text via a HTTP POST request - to a remote server operated by the scammers.

The scammers then use the login credentials to access the victims' Facebook accounts, change information contained in them (including the password and the email address) and post the same message that lured in the victims in the first place.

The affected users are consequently not only endangering their friends, but are also unable to immediately do anything about it. "Even if the victims try to reset their passwords, they will never get the password reset email from Facebook," points out the researcher.






Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Aug 29th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //