ESET researchers are warning about Facebook hoax scams
that spread fake terror news to trick victims into disclosing their Facebook
credentials.
For example, Facebook users in the Czech Republic were
targeted with a fake news report on a “deadly attack in Prague”. Soon after the
Facebook scam was publicly disclosed in Czech mainstream media, the crooks turned their attention
to Slovakia (in Slovak) and duplicated their tricks to find new
victims.
“From what we have learned about this campaign, the
attack may be designed to continue in other countries,” warns Lukáš Štefanko, a
malware researcher at ESET.
The scam starts with a compromised user account
sharing or commenting on the status of a terrorist attack. The victim’s friends
are tagged in this comment as well. When a user clicks on this hoax, he or she
is redirected to a phishing webpage that requests his or her Facebook
credentials to proceed to a site with more information about the incident. If
the user enters the credentials (be they genuine or not), they are redirected
to another fake Facebook page.
As with other tragic events, such as the crash of
Malaysia Airlines Flight 370, the Boston marathon attack or recent terrorist
attacks in Europe, these incidents become an opportunity for criminals to
trick victims with social engineering techniques.
In the case of the Facebook scam in the Czech Republic,
the fake news on the alleged terrorist attack was easy to debunk as the
location in the image clearly didn’t resemble Prague, or in fact any other
major city in Europe.