"Facebook 2013 Demo app" leads to phishing
Posted on 20 December 2012.
The offer of an app that supposedly allows users to view a new version of Facebook is the newest trick employed by phishers to get their hands on the users' login credentials, Symantec warns.

In reality, there is no "Facebook 2013 Demo" app - the page on which the users' are urged to log in has only one goal: record the submitted emails and passwords and sent them to a server controlled by the phishers.


Facebook users who land on the above phishing page are given clear instructions: they should log out of their Facebook account first, then log into this page, and they will be supposedly be able to see the "Facebook 2013" version for the next 24 hours.

The victims who have done what was asked will be immediately disappointed as they will be redirected to the legitimate Facebook login page and be faced with an unchanged look of the social network.

At this point, they will likely suspect something is wrong. Those who do are advised to immediately log into their Facebook account (if they can) and change their password to something long and complex. If they are lucky, the phishers will not have yet used the stolen credentials to hijack the account and use it for spamming their friends.

According to Symantec researchers, the scheme seems mostly directed towards Facebook users in India, as the phishing URL contains certain words in Hindi. They did not mention how the users were tricked into visiting the phishing page, but a Facebook spam campaign is the most likely culprit.






Spotlight

Free security software identifies cloud vulnerabilities

Posted on 21 October 2104.  |  Designed for IT and security professionals, the service gives a view of the data exchanged with partner and cloud applications beyond the network firewall. Completely passive, it runs on non-production systems, and does not require firewall changes.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Oct 21st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //