Facebook – Account Enable Account Scam JULY 2014
Malwarebytes warns of phishing scam circulating that has an FB-like address that attempts to capture personal and even credit card information
Hereâ€™s one in-the-wild phishing campaign that we spotted homing in on users.
Unfortunately, we couldnâ€™t trace back the origin of this campaign; however, itâ€™s highly likely that it started off as an email pretending to be a notification. As such, be wary of any received emails containing URL(s) that may lead you to a name similar to Facebook but malicious in nature
Apart from asking for email address and passwordâ€”credentials used to access a Facebook accountâ€”from the user, it also wants to get his/her webmail and corresponding password, date of birth, security question and answer, and country of originâ€”information that are irrelevant at best when enabling disabled accounts in general.
A â€śPayment Verificationâ€ť page when users only want their accounts enabled? Uh-oh. Unfortunately, this section cannot be skipped, which effectively forces users to make them think theyâ€™re â€śbuyingâ€ť Facebook Creditsâ€”perfect excuse to ask for payment details. Finally clicking â€śConfirmâ€ť after filling in credit card details opens the legitimate Facebook page on usersâ€™ â€śStatement of Rights and Responsibilitiesâ€ś.