The attack begins with a private message, purportedly from "The Facebook Team," that reads "Last Warning: Your Facebook account will be turned off Because someone has reported you. Please do re-confirm your account security by: http://apps-xxxx-xxxxx-user.de.vu."
If you are naive enough to click, you are led to a Web site that first asks for your first and last name, Facebook password, birthday and email address. When you complete that first page, you are then led to a second page that asks you to fill out financial information.
On that second page, the nice scammers write "We will never ask you for your full credit card number, but we may ask for the first six digits." Despite that kind warning, the next page then asks for your full credit card number, four-digit security code, expiration date and billing address. As a note, the phishing page says the info will only be used to purchase Facebook Credits for games.
Writes Kaspersky Lab: "These scams are just getting more popular and we really recommend not giving out personal information, especially not email, password and credit card information over social medias. It is also recommend[ed] that you contact your security vendor and the social media vendor if you encounter these sites."
Written by: Andre Yoskowitz @ 15 Jan 2012 18:52