A newly designed version of a notorious Facebook Trojan is once again spreading across the site, this time employing a simple scare tactic to defraud users.
The Trojan, called "Carberp," takes victims to a rigged Web page — it looks exactly like a legitimate Facebook page — that tells them, "Your Facebook account is temporary [sic] locked!" the security firm Trusteer wrote in a blog post.
If the grammatical error doesn't raise a red flag, and you believe your Facebook account is truly frozen, the scam promises to unlock your account as long as you enter your name, email address, date of birth and Facebook password to "confirm verification."
The most damaging aspect of the Carberp Trojan scam is that, along with the sensitive information it asks for, the scam demands a ransom in the form of a $25 Ukash voucher, which, the phony Web page says, will be "added to your Facebook main account balance."
This is, of course, "obviously not the case," Amit Klein from Trusteer explained. "Instead, the voucher number is transferred to the Carberp bot master who presumably uses it as a cash equivalent (Ukash provides anonymity similar to that offered by cash payments), thus effectively defrauding the user of 20 euro/$25."
Klein warned Facebook users to be suspicious of odd requests, as they may carry deceitful Trojans like Carberp or Zeus, another piece of malware specifically crafted to harvest online-banking credentials. Remember, if you feel a Web page or app is asking for too much personal information, it probably is. No trustworthy site will ever lock you out and demand payment.