The offer of an app that supposedly allows users to view a new version of Facebook is the newest trick employed by phishers to get their hands on the users’ login credentials, Symantec warns.
In reality, there is no “Facebook 2013 Demo” app – the page on which the users’ are urged to log in has only one goal: record the submitted emails and passwords and sent them to a server controlled by the phishers.
Facebook users who land on the above phishing page are given clear instructions: they should log out of their Facebook account first, then log into this page, and they will be supposedly be able to see the “Facebook 2013” version for the next 24 hours.
The victims who have done what was asked will be immediately disappointed as they will be redirected to the legitimate Facebook login page and be faced with an unchanged look of the social network.
At this point, they will likely suspect something is wrong. Those who do are advised to immediately log into their Facebook account (if they can) and change their password to something long and complex. If they are lucky, the phishers will not have yet used the stolen credentials to hijack the account and use it for spamming their friends.
According to Symantec researchers, the scheme seems mostly directed towards Facebook users in India, as the phishing URL contains certain words in Hindi. They did not mention how the users were tricked into visiting the phishing page, but a Facebook spam campaign is the most likely culprit.