Facebook Inc. (NASDAQ:FB) users are facing the prospect of a new type of phishing scam attacking their accounts.
The new scam works by showing users a message saying “OMG your photos are being used on this site”. The first site that this message has been found on is Tumblr. When a user clicks on the message, they are instantly taken to a Tumblr spam blog, and from there redirected to a Facebook login lookalike page. The fake Facebook login page prompts them to enter their user name, and password, in order to see the photos and their login information is then known to the spammers.
This kind of scam is much more common on Twitter but, as with everything in social media, once something is successful on one platform, it quickly graduates to the other social media forms.
This latest scam comes hot on the heels of an advisory warning by Netcraft. They have discovered a similar scam with a fake login page for Chase bank hosted on a hacked gift store website. This scam gets users to reveal their email address, and their online banking password. The scam then takes it one step further, and prompts the user for their email password in order to ‘verify’ them.
The danger with this scam is that not only do the scammers get access to the user’s bank accounts, but they can also use the information in their email to discover other places that the user has accounts. By initiating password resets, the cunning cyber-criminal can effectively take over all the online activity of the user, and also delete any transaction notifications to keep the user in the dark.