How often do you log in to Facebook? Ten
times a day? Fifty? All it takes is once for a
new piece of financial fraud malware to
catch you off guard and make off with your
money.
A reworked version of the cyberattack tool
called Ice IX is the culprit; in its new
configuration, the Web injection component
of Ice IX hits unsuspecting Facebook users
with a pop-up window immediately after
they log in, Amit Klein from the security
company Trusteer explained in a blog. The
Web inject that triggers the scam is being
sold in underground cybercrime forums.
The rigged window, which looks exactly like
a real Facebook page, tells users they need
to "verify" their identity by entering their
credit card number, expiration date, card
identification number, name and address.
The message in the fake Facebook page
says the "verification" is needed "in order to
provide you with extra security." Of course,
as soon as you hand over your financial
data, it's out of your control and now you're
in serious trouble.
Equally crooked scams, with the "verify your
identity" hook and a desire for your banking
credentials, have also been spotted hiding
under the assumed legitimacy of emails
from eBay and US Airways.
The website Hoax-Slayer reported finding an
email claiming to be from eBay that, just like
the Facebook Ice IX scam, tells recipients
they are signed in "from a computer we're
not familiar with," and that in order "to
make sure no one is trying to access your
account with permission," they need to
confirm their identity.
Different approach, similar results: The link
included with the message takes users to a
rigged eBay login page that asks them to
type in their email address, name and
password.
In a post on a Kaspersky Lab blog, Dmitry
Tarakanov detailed another phishing email,
this one purporting to come from US
Airways. For more than a week now,
Tarakanov said this scam has been
spreading, telling victims they can check-in
to their flight. If they follow the instructions
to do so, victims are taken through a series
of steps that, ultimately, results in their
computers being compromised with the
Zeus Trojan, a dangerous banking-account-
siphoning cyberweapon.
With so many types of scams out for your
identity and cash, it's best to be extremely
cautious with any type of pop-up window
or unsolicited email that asks you to divulge
any personal information. Basic common
sense — would you tell a stranger on the
street your Facebook password or your
credit card number? — should hold true
when you're online. To bolster your security,
No comments:
Post a Comment