Fake Facebook 'verification' windows steal financial data
By: Matt Liebowitz, MSNBC
How often do you log in to Facebook? Ten times a day? Fifty? All
it takes is once for a new piece of financial fraud malware to catch
you off guard and make off with your money.
A reworked version of the cyberattack tool called Ice IX is the
culprit; in its new configuration, the Web injection component of Ice IX
hits unsuspecting Facebook users with a pop-up window immediately after
they log in, Amit Klein from the security company Trusteer explained in a blog. The Web inject that triggers the scam is being sold in underground cybercrime forums.
The rigged window, which looks exactly like a real Facebook page,
tells users they need to "verify" their identity by entering their
credit card number, expiration date, card identification number, name