What

What a show the world of online socialites is putting on these days! As the users’ choir have a hard time digesting the recent f8 changes and, consequently, belt out: “Stop, in the name of love/ Before you break [our] heart”, Facebook developers cheerily yodel their own version of: “Don’t stop me know/I’m having such a good time, I’m having a ball…”. Whatever part of this repertoire is closer to your heart, you MUST have at least heard about (if not even participated in) this recent social network revolution.

Barrels of virtual ink have flooded the Internet in an attempt to cover all possible aspects of this Halley-like moment (our humble contribution to it here). If  you chose to boldly swim your way through this sea of f8 opinions, then you’ve probably reached the ZONE: that state of mind where you believe anything’s possible…Recent attempts to persuade Facebook users to spread terror-inducing messages throughout the community (have you heard about the Facebook no longer free hoax?) prove that the ZONE is not a myth.

Here’s our little piece of evidence to support this case. Enter the account re-verification scam, this time advertised through direct messages:

 

Follow me through the movements of the Y-cut that’ll bring us to the core of this scam:

1. You’ve got a message that’s sent to you and several people on your Friends list. Notice that, in this case, we’re talking about 150 potential victims.
2. All potential victims are brought together in a Facebook conversation, so this family of scammers seems to have a penchant for gambling. Notice the two persons who left the conversation…whether the bait did not work on them or they simply went away to write Mark another angry letter (Hey, dude, you’re messing up with my online home AGAIN!), their exit might put the others off…or not. The disadvantage of this conversation strategy is that people can openly express doubts about the account verification request and, given that they are all on the same friend list they might actually listen to one another and keep away from trouble.
3. Except for the quite cryptic reference to THE SPAMMER that the message contains, there’s no doubt about what people should do: click the provided link….

….which takes us to this beauty of a page:

Sloppy wording? I give you that, but we’ve got Facebook security – the magic words-right up there, which kinda makes up for it. Plus, what with this Timeline overhaul and all….who’s got the nerve to blame the supposedly over-worked writer for “has been reported by another user of violations” and “do not do re-confirm”? To be honest, I was so blinded by the capital Y in the Thank You message (that’s as close as I’ll ever get to being addressed as the God(dess) that I am) that I immediately clicked Confirmation My Account.

Strike 1! Facebook account credentials, with secret question and answer on top, on a silver plate.

Strike 2! Banking details.

But, joy to the world, my account is safe!

 

A greedier, more refined version of this scam takes things further with:

a)      an e-mail address&password (with birth date bonus, mind you!) snatching page:

b)      a PayPal credentials grand theft page:

              

 

Here’s my proposal for a final act in the “honest users meet two-timing scammers” show:

You sing: “Don’t go breaking my account!”

And they sing back: “I couldn’t if I tried…”.

And that’s because you now know better than to tell anyone your passwords (Facebook account, e-mail account, PayPal account, etc) or your PIN number. You know better than to go on obscure sites and fill in forms that require your secret question and answer, your mother’s maiden name, your full address, etc. You know better, and that’s why the show can go on.

Stay safe and click wisely!

This article is based on the technical information provided courtesy of Tudor Florescu, BitDefender Online Threats Analyst 

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.