A computer security firm on Thursday warned against a new "brute" phishing scam that threatens to delete a prospective victim's Facebook account if he or she does not hand over his or her account details in 24 hours. The messages claim the victims had violated Facebook policy regulations by annoying or insulting other Facebook users, Sophos said. "The messages are then requesting personal and financial information including Facebook login details and part of recipients’ credit card numbers," Sophos said in a blog post. But Sophos pointed out the emails are entirely bogus and do not come from Facebook. It noted social media venues would not request financial information or login details. "The scams are, in fact, designed to steal credit card numbers and social media accounts, likely in order to further spread scams and bilk victims," it said.
Sophos said it is possible the scammers can use the ill-gotten information to hijack a user’s Facebook account, then pose as the account holder to send out more scam messages and spam to a victim’s Facebook friends. "Once a criminal has gained access to a victim’s account, they will likely lock out the original account holder by changing account passwords and email addresses. With the credit card information, fraudsters can conduct identity theft and other malicious financial activity," it added. Citing data from hoax website Hoax-Slayer, Sophos said the phish email gives recipients a "last warning" that their accounts may have violated Facebook policies. Recipients who click the link will be presented with a fake Facebook "Account Disabled" web form that asks for Facebook login details including email, password, Facebook security question, Facebook security answer, the first six digits on the user’s credit card number, and their country of residence. After completing this first form, the victims are taken to a second form labelled “Confirm to your webmail” that requests webmail program and password. Victims are then led to a third bogus form, labeled “Terms of Service,” that asks for the victim's username and the first six digits of the user’s credit card. "The story lines differ, but at heart, today’s is just the Facebook scam du jour. A similar recent Facebook scam purporting to be from Facebook Security claimed to be watching out for users’ accounts being accessed by unauthorized parties," Sophos said. "New day, new attempt. All these phishing scams boil down to a naked grab for your account details. Remember, neither Facebook nor other reputable social media sites would ask for this information. The mere request is a surefire way to suss out bogosity," it added. — TJD, GMA News
