Bogus Facebook login page steals credentials, pushes malware

Symantec researchers have recently stumbled upon a phishing site that packs a double whammy: the site asks the user either to log into Facebook or to download an app in order to activate a bogus service that will supposedly let them know who visited their Facebook profile.

For those who opt for the first option and enter their Facebook login credentials, the news is bad: their username and password have been sent to the phishers and will likely be used to hijack the victims’ accounts.

For those who choose the latter option, the news could be even worse. The file offered for download (WhoViewedMyfacebookProfile.rar) contains an information-stealing Trojan, which can potentially gather all kinds of confidential information from the victims’ computer – including personal, financial and login information for different online services – and is set to send it to the attacker’s email address.

But, as the researchers noted, that email address has not been valid for 3 months, so the stolen information is sent into a virtual black hole on the Internet and lost. Nevertheless, the malware can be updated at any moment, and the email address in question changed to a valid one.

“If users fell victim to the phishing site by entering their login credentials, the phishers would have successfully stolen their information for identity theft purposes,” note the researchers. The phished credentials, then, are sent to servers controlled by the attackers, not to the aforementioned email address, so the dead mailbox offers no protection to users who logged in.

But whether this particular phishing scam is still active or not is not the point, because other similar ones are popping up daily. The thing to remember is to be careful about where you enter your account credentials (always check that the URL is the right one, and don’t follow links from unsolicited emails) and about what software you download (don’t accept software you haven’t asked for, and be careful when searching for software online – keep to established download sites).