News Item

Fake Facebook 'verification' windows steal financial data

By: Matt Liebowitz, MSNBC

How often do you log in to Facebook? Ten times a day? Fifty? All it takes is once for a new piece of financial fraud malware to catch you off guard and make off with your money.

A reworked version of the cyberattack tool called Ice IX is the culprit; in its new configuration, the Web injection component of Ice IX hits unsuspecting Facebook users with a pop-up window immediately after they log in, Amit Klein from the security company Trusteer explained in a blog. The Web inject that triggers the scam is being sold in underground cybercrime forums.

The rigged window, which looks exactly like a real Facebook page, tells users they need to "verify" their identity by entering their credit card number, expiration date, card identification number, name and address.

Read more...