Fake Facebook 'verification' windows steal financial data
By: Matt Liebowitz, MSNBC
How often do you log in to Facebook? Ten times a day? Fifty? All it takes is once for a new piece of financial fraud malware to catch you off guard and make off with your money.
A reworked version of the cyberattack tool called Ice IX is the culprit; in its new configuration, the Web injection component of Ice IX hits unsuspecting Facebook users with a pop-up window immediately after they log in, Amit Klein from the security company Trusteer explained in a blog. The Web inject that triggers the scam is being sold in underground cybercrime forums.
The rigged window, which looks exactly like a real Facebook page, tells users they need to "verify" their identity by entering their credit card number, expiration date, card identification number, name and address.