PandaLabs, the malware analysis and detection laboratory at Panda Security, has encountered a spoof Facebook page designed to steal passwords from users of this social network. The URL and content of this Web page are similar to those of the real service, therefore users that reach this page could easily be tricked into entering their user name and password. If they do so, the page returns an error, which should help alert users to the fact that this is a malicious site. You can find images of the process in Flickr.
Any data entered in this fake Web page will end up in the hands of its creators.
“This fraudulent URL is probably being spread around through emails and through BlackHat SEO techniques. In any event, once cyber-crooks have the user’s details, they can take any action from the account including publishing spam comments with malicious links, sending messages to contacts, etc.”, explains Luis Corrons, technical director of PandaLabs.
To avoid falling victim to this fraud, PandaLabs offers the following advice:
– Don’t reply to or follow links included in unsolicited emails.
– Carefully check that the URL in which you are entering any data is really that of Facebook, as these fake websites often use similar addresses, with perhaps just one wrong letter.
– If you have entered your data on one of these pages, quickly go to your account and change your password, to prevent anyone from accessing it.
– If you can’t access the account, Facebook offers services through which you can reclaim your ownership of the account.