Today, another security topic that comes to my attention quite often on Facebook. A few days ago, one of the people in my Facebook friends list told me that I had been tagged and that I could find out who visited my profile. Not that I would be particularly interested in this. But behind this approach is a nasty phishing scam.
In the last few days, another message of this kind turned up in my Facebook profile, so I would like to elaborate on it in a blog post.
A Facebook message from "friends"
The first thing you notice in the notifications is that someone has tagged you. I usually take a quick look at this to see if there has been any mischief. When I then visited the profile, I was shown the typical notification on Facebook as a post.
Facebook phishing message: who visited the profile
I found a post (the above screenshot shows the German version of this scam, because my profile is set to German, but it also works in other languages) that says "Find out who visits your profile …". This is of course all too tempting for the common Facebook user: "you want to see who of your many friends looks at you". Flaw #1 is that there is no such feature on Facebook.
Flaw #2 is the fact that the link displayed below the image redirects to an external website. The target URL can change arbitrarily, but the first part of the URL, with its many random-looking characters, signals that it must be something malicious. The page in question has been hacked.
Facebook phishing page on Virustotal
The fatal thing about it: since the external page usually does not spread malicious code itself and the URL changes constantly, virus scanners do not detect it. I have checked the above URL on Virustotal. The URL is shown as clean.
It might look different if you are asked to install something in order to see the profile visitors. Then there is certainly malware behind the installer.
In my opinion, the notifications in question come from "fake friends" that careless Facebook users have added to their friend list. If a scammer lands on a profile, he may be able to send such a message to all of the person's friends and possibly place friend requests there as well. But public Facebook profiles can also be exploited, so that the scammers can ask to be added to the friends list.
Facebook phishing scam
The obscure URL below the title "Find out who visits your profile …" signals that the post links to this page. If the unsuspecting user clicks on this link or the image, Facebook redirects him to the external website in question. There he will probably find an indication that x friends have visited his profile; see the German form shown to me.
Alleged Facebook profile visitor count
The curious Facebook user wants to know who exactly these profile visitors are. A link to view the list is then provided. If the user clicks on this link, a page appears asking for Facebook login.
Facebook Fake Login
And that makes it clear what the scammers are aiming for. The user is supposed to be tricked into entering the Facebook login data in the form. Anyone who does this sends the scammers precisely this data, a classic phishing approach. If the person falls for it, the scammers take over the Facebook account with the login data and abuse it.
Facebook has published this page with information on the topic of phishing. Anyone who can no longer access their Facebook account because the scammers have already taken over the account must restore the Facebook account using the methods mentioned on the above page.
If you immediately notice that you have fallen for phishing, you should change your Facebook password right away so that the scammers cannot log in to your Facebook account. It is important that you do not use a password that is easy to determine, and in particular not one that merely changes a single digit of the old password. The fraudsters could then still guess the new password by trying out various combinations of the password they already have.
If you search the Internet for this topic, you will find information at zdnet.com and here.