Hijacked Facebook Fan Pages are a great asset to online spammers and scammers, so it’s no wonder that at any given time there are a number of active phishing campaigns aimed at their administrators.
Symantec researchers shared a particularly well-executed one that tried to trick users into believing that a new, mandatory verification process for Fan Pages has been instituted by Facebook (click on the screenshot to enlarge it):
The phishing page – titled “Ensuring Social Security” and hosted on a server in the United States – claimed that any Fan Pages that are not verified before 30.05.2013. would be shut down.
When the victims submitted the asked for Fan Page name, email address, password, and security code, they would be informed that the Fan Page is being verified and they will be notified within 48 hours when the process is completed.
“The fake application site was designed to look like an official application site,” the researchers noted, adding that the phishers also took care to use SSL, so that the page would look legitimate and trustworthy.
This particular campaign was active in May, but users should do well to be on the lookout for similar ones all the time.