Facebook “Enter Details Here to Enable Your Account”

Wednesday, July 30, 2014

Malwarebytes

C940e50f90b9e73f42045c05d49c6e17

By: Jovi Umawing

We at Malwarebytes do our best to keep you, dear Reader, apprised with the latest threats we encounter that target Facebook users. As you may know, Facebook is one of the few prime targets of online crime, particularly fraud.

Here’s one in-the-wild phishing campaign that we spotted homing in on users.

Unfortunately, we couldn’t trace back the origin of this campaign; however, it’s highly likely that it started off as an email pretending to be a notification. As such, be wary of any received emails containing URL(s) that may lead you to us-facebook[dot]com. Successful access to the said site immediately forwards to us-services-facebook[dot]com, as pictured below:

us-services-facebookclick to enlarge

Warning Account Disabled.

Be sure you have provided a contact email address that belongs to you or are logged into an account that belongs to you. For security reasons, we cannot provide information about the reported account if you email us from an address associated with another user’s account.

Please Fill Your Correct Information Below To Verify Your Account.

Apart from asking for email address and password—credentials used to access a Facebook account—from the user, it also wants to get his/her webmail and corresponding password, date of birth, security question and answer, and country of origin—information that are irrelevant at best when enabling disabled accounts in general.

Once entries are filled in and the user clicks “Confirm”, they are then directed to this page:

Insta-buy Facebook credentials?click to enlarge

A “Payment Verification” page when users only want their accounts enabled? Uh-oh.

Unfortunately, this section cannot be skipped, which effectively forces users to make them think they’re “buying” Facebook Credits—perfect excuse to ask for payment details. Finally clicking “Confirm” after filling in credit card details opens the legitimate Facebook page on users’ “Statement of Rights and Responsibilities“.

So, has all that hoop-jumping led to the re-enabling of your account? No. Your account has never been disabled to begin with.

Although Google already blacklisted this website, prevention is still key: Ignore emails and posts in online social networks that potentially carry phishing links.

This was cross-posted from the Malware Bytes blog. 

12351
General Impersonation Phishing Phreaking
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.