Facebook Attack Forces Users To Submit Login Info
First a Facebook someone purporting to be a friend posts an image to the user's profile. So the user then types in the URL and proceeds to "stealing pics" to take them down.
Not that easy, however. First the user is presented with an auto-renewing subscription service for just $9.99 a month, and then is prompted to fill out a goofy multiple choice pop quiz, which, at first perusal, appears harmless.
Upon completion of this quiz, the user is hit up to take a "Personalized IQ Test," which for some reason, requires the user to enter his or her cell phone number.
"That's the money shot, right there. I enter a random phone number, but the site detects that I am not visiting from the U.S., and helpfully serves me up a new offer, this time based in the U.K.," Trend Micro security blogger Rik Ferguson said.
Ferguson pointed out that the scam proceeds to offer the user an e-credit card, with a membership fee of about $100 and a monthly $6.20 maintenance fee. Oh, and a $12 inactivity fee. Where can this e-credit card be used? Well, only at the e-Credit Plus Shopping Club Web site, of course.
Ferguson politely declined the kind offer. But once again, he doesn't get off that easy. Unfortunately, the attackers have other plans. They led him through a series of pop-up windows unresponsive to the "Cancel" button demanding that he accept the new line of credit.
The attack then forces Ferguson to surrender by clicking "OK." Finally, yet another window prompts him to submit his accurate login credentials.
And so goes another scam in which the attackers successfully strong-arm their victims into submitting credentialed information in order to further distribute malware and subject other unsuspecting souls to the fraud.
"Back once again to the familiar old bulletin pics scam from my previous blog post," Ferguson said. "I give them my password along with my name and e-mail address, they show me a picture of a monkey, and finally they let me know exactly how I can go and e-mail this to all my friends, just in case the traditional delivery through compromised accounts doesn't work for them."