These Facebook Login Scams Will Steal Your Bank Account Info – Be Careful!
These days, everyone’s heard of phishing scams. One of the latest such attacks is targeted squarely at Facebook users – all 1.23 billion of us around the globe. The trick is a straightforward bait-and-switch that could cause users to willingly hand over their email address, password, and bank account information. But this time, even savvy internet users could fall into the trap due to a new, devious twist: the hackers use https addresses to mask their nefarious doings.
On the surface, phishing scams are relatively simple. A hacker will set up a fake website to resemble a real online service, and dupe unsuspecting users into entering their email, password, and (in some cases) their credit card information. All of the data gets sent directly to the hacker, and he/she either logs into your email account to unleash more damage, or drains your life savings.
The most obvious red flag that you’re on a fake website is the lack of a proper “https” protocol in the address bar of your web browser. The “s” in “https” stands for “secure”, and it generally signifies that the website you’re at is the genuine article. Unfortunately, this method of checking isn’t enough to keep you safe anymore.
In the latest spate of phishing attacks, Facebook users will receive emails warning them of an infraction on their Facebook account, and prompting them to restore their account within 24 hours or face permanent deletion.
Strangely, these Facebook login scams make use of Dropbox and Amazon Web Services to hide behind reputable-looking https URLs (although the grammar on the fake pages is obviously not up to par with Facebook’s standards). Furthermore, the Baidu Antivirus security team discovered that, unlike previous Facebook login scams, these new tricks make users jump through multiple different websites in an attempt to avoid detection by antivirus software.
Figure 2. Facebook phishing scam methodology
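The point above, that an https address on a reputable host does not make a login page genuine, can be turned into a simple check. The following is an added example, not code from Baidu Antivirus or from the original article: it judges a link by its hostname rather than its scheme, and judges a redirect chain by where it finally lands. The domain lists, function names and the sample chain are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumptions for this example (not taken from the article):
BRAND_DOMAINS = ("facebook.com",)  # where the genuine login page lives
# Provider domains on which any customer can publish a page over valid HTTPS.
SHARED_HOSTING = ("dropboxusercontent.com", "amazonaws.com")

def host_of(url):
    """Lower-cased hostname of a URL, without a trailing dot."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def classify(url):
    """Verdict for one link that claims to lead to a Facebook login page."""
    host = host_of(url)
    if urlsplit(url).scheme != "https":
        return "reject: not https"
    if any(under(host, d) for d in BRAND_DOMAINS):
        return "ok: brand domain"
    if any(under(host, d) for d in SHARED_HOSTING):
        return "reject: https, but shared hosting (" + host + ")"
    return "reject: https, but unrelated host (" + host + ")"

def assess_chain(hops):
    """Judge a redirect chain by its final landing page; list hosts crossed."""
    hosts = []
    for url in hops:
        h = host_of(url)
        if h not in hosts:
            hosts.append(h)
    return classify(hops[-1]), hosts

# Constructed sample chain (placeholder hosts and paths, not real indicators).
SAMPLE_CHAIN = [
    "https://mail-link.example/r?id=1",
    "https://hop.example.net/go",
    "https://dl.dropboxusercontent.com/s/EXAMPLE/login.html",
]

if __name__ == "__main__":
    verdict, hosts = assess_chain(SAMPLE_CHAIN)
    print(verdict, "| hosts crossed:", len(hosts))
    print(classify("https://www.facebook.com/login.php"))
```

Every hop in the sample chain is served over https, yet the landing page is rejected because its host belongs to a file-hosting provider rather than to Facebook.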
The Baidu Antivirus security team also found that there are two different variants of this type of phishing attack: one that aims to steal users’ login information (see Fig. 1), and one targeted at collecting users’ bank information (see Fig. 3).