A very convincing scam that spoofs Facebook verification pages is being used to steal users' personal details and credit-card information before taking user to the real Facebook, leaving many victims none the wiser that they've just given their sensitive details to criminals.
The scam, outlined by Australian software architect Troy Hunt on his blog, starts out as a link to a viral video or other Internet meme, perhaps in a friend's tweet. It's a shortened link that obscures its real destination, but users will be relieved to land on what looks like the standard Facebook login page.
After the visitor logs into his Facebook account, the phony site asks victims to update their Facebook account security and provide additional information — a security question, a mobile-phone number and full credit-card details, right down to the expiration data and card security code. There's even an "overall protection" graph that mimics password-entry forms.
Unless they pay close attention to the address bar, the nearly perfect spoof page is likely to make users feel perfectly safe. Although the page looks exactly like Facebook, it's actually faceboourk.com.
Once users have given "Faceboourk" their Facebook login credentials, phone numbers and credit cards, the site's work is done. It takes them to the real Facebook login page, stealing their personally identifiable information and dumping them at Facebook's front door in one seamless motion.
Scams like this aren't new or uncommon, but this one's level of sophistication and lack of spelling mistakes makes it especially noteworthy.
Hunt tried to look up the Internet registration information for the phony site, but was only able to glean that information entered into the faux Facebook pages was redirected to a "parked" (unused but registered) porn URL, and from there sent elsewhere.
Hunt said he thinks the scam may have abated for now. Still, Internet users should always treat links with skepticism and pay close attention to the URL, especially when entering sensitive information.
Scammers likely use the information gleaned from such phishing scams to sell on the black market or commit identity theft and financial fraud.
Their unscrupulous activities can lead to days, weeks and even months of financial headaches as victims attempt to sort out the financial havoc that's been wreaked on their lives.