Facebook phishing schemes are turning ‘friends’ into enemies

By Robert E. Holtfreter, Ph.D., CFE, CICA

Taking Back the ID: Identity theft prevention analysis



Like most of his friends, Duke Winston was addicted to the Internet and all of its bells and whistles — LinkedIn, Twitter, Facebook and many other social media sites. He also searched many shopping sites for the best deals. Winston was fraud savvy and frequently checked his credit card statement to verify charges. One month he noted a few unfamiliar transactions. He called his wife to see if she had bought the suspicious items but she hadn’t. He immediately called his credit card company. The representative from the anti-fraud department asked Winston if he was a heavy Facebook user; he said he was. The rep told him he might have been a victim of a social network phishing scheme that tricked him into giving up his personally identifiable information (PII), including credit card data, to fraudsters. Winston remembered that he recently clicked on a link that took him to a Facebook screen that asked for some of his PII. 

This case is fictional, but it’s representative of scammers’ latest and relatively sophisticated social network phishing scheme directed to Facebook users. This scam spoofs real FB verification web pages and steals users’ account credentials and PII including credit card information, which criminals eventually use for identity theft. Victims are left holding the bag and can spend hours cleaning up the mess.


Hundreds of millions of Facebook users of all ages log onto the site several times each day, and legitimate advertisers are flocking to sell their products. However, rogue marketers and hackers are hijacking user accounts and sending out spam messages to friends of user account holders to hawk their wares or scams. How do they do this? John Ochs provides the answer in his article, “Avoid Facebook Phishing Schemes,” on the Ezine Articles website. 

“This is really just a new delivery method for an old phishing scheme,” Ochs writes. “Phishing happens when you enter your login credentials on a fake Facebook login page or download malicious software to your computer. This may result in messages or links being automatically sent to a large number of your friends. These messages or links are often advertisements encouraging your friends to check out videos or products.

“The hacker sets up a dummy Facebook profile and sends out hundreds of friend requests and waits for the requests to be accepted. Once some are accepted, they send out tricky messages via Facebook chat or by posting to the wall of their new Facebook friends,” Ochs writes. 

The message may provide a link to a viral video or some other Internet meme. For example, it might read “check out this video — you would not believe” or “jump on this unbelievable offer before it’s too late.” The malicious link leads to the bogus Facebook account login screen. Then, according to Ochs, “The user assumes that they were logged out for some reason (which occasionally does occur) and re-enters their Facebook username and password. What they don’t realize is that the page did not belong to Facebook and they just gave their username and password to a hacker. 

“Once the hacker has collected the user’s Facebook account credentials,” Ochs writes, “they simply log into the account, change the password and begin sending out advertisements for affiliate programs, as well as more invitations to give up your account info. This process continues to spread because people are simply not aware.” The result? Hackers collect valuable PII, which they use to steal identities. 

Software architect and Microsoft expert Troy Hunt dissected a version of this FB phishing scam January 7 on troyhunt.com, in the article, “Please login to Your Facebook account: the execution of a data mining scam.”

The hacker sets up the page shown in Screenshot No. 1 (below) to capture users’ FB credentials by asking them to log in with their user names (email addresses or telephone numbers) and passwords. An astute user would have noticed that this FB web page carries the domain name “faceboourk.com.” However, most users don’t pay much attention to domain names.
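One check a defender can build into a mail gateway or web proxy to catch exactly this kind of page, added here as an illustration rather than code from the article or from Hunt’s write-up: it extracts the host from a link, treats only facebook.com and its subdomains as genuine, and flags hosts such as the article’s “faceboourk.com” whose label is a close edit-distance match for the brand. The LEGITIMATE_DOMAIN constant, the distance threshold of 3 and the classify_login_url function are my assumptions.

```python
import urllib.parse

# Assumed: the brand domain we consider genuine; the scam page used "faceboourk.com".
LEGITIMATE_DOMAIN = "facebook.com"


def registrable_host(url: str) -> str:
    """Lower-cased host of a URL, with any user@ prefix and port stripped."""
    if "://" not in url:
        url = "http://" + url          # tolerate bare hosts pasted from chat
    host = urllib.parse.urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def edit_distance(a: str, b: str) -> int:
    """Classic Levenshtein distance (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_login_url(url: str, legit: str = LEGITIMATE_DOMAIN, max_distance: int = 3) -> str:
    """Return 'legitimate', 'lookalike' or 'unrelated' for the host of a login link."""
    host = registrable_host(url)
    if host == legit or host.endswith("." + legit):
        return "legitimate"
    brand = legit.split(".")[0]            # "facebook"
    labels = host.split(".")
    candidate = labels[-2] if len(labels) >= 2 else labels[0]   # second-level label
    # Brand embedded in a foreign host (facebook.com.evil.example) or a near-miss
    # spelling of the brand label (faceboourk) both count as lookalikes.
    if brand in host or edit_distance(candidate, brand) <= max_distance:
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links, including the domain quoted in the article.
    for link in ["https://www.facebook.com/login",
                 "http://faceboourk.com/login.php",
                 "http://www.facebook.com@faceboourk.com/",
                 "https://example.com/"]:
        print(f"{link:45} -> {classify_login_url(link)}")
```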
