Phishing scam and malware distribution scheme combined

The Facebook phishing campaign spotted yesterday turned out not to be so unimaginative after all.

F-Secure researchers decided to see it through and entered login credentials to a dummy account of theirs to see it it would get compromised. And immediately after having entered them and having pressed the “Login” button, a notice offering free laptops and iPads pops up.

A click on any of the “Claim Now” buttons takes the victim to a page offering a free Smiley toolbar – but no free iPad:

“No Spyware,” it says. “We take pride in our products!”. But if the user falls for the claim and downloads the offered .exe file, spyware is exactly what he will get.

So, it is a phishing scam combined with malware distribution. I can see why the scammers combined the two – in case Facebook detects suspicious access activity in the account, the user might think that the story is over after he changes the account’s password. If he doesn’t have an AV solution installed on his computer, he might not notice that the spyware is hard at work in the background.