Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Aggressive Facebook Scam Attempts to Capture Email and Postal Addresses

Fake Facebook Page Admin Notifications Trick Users Into Revealing Email and Postal Addresses

Threat researchers from BitDefender are warning of a new scam spreading via Facebook that attempts to capture personal information including email and postal addresses.

Fake Facebook Page Admin Notifications Trick Users Into Revealing Email and Postal Addresses

Threat researchers from BitDefender are warning of a new scam spreading via Facebook that attempts to capture personal information including email and postal addresses.

The scam works by alerting Facebook users through the Facebook notification system and by e-mail, and saying they have been made administrators of an unknown page. From there, users are directed to click on a link that takes them to a fake Facebook page. Once the user has landed on the fake Facebook page, they are re-directed to a different, malicious page where they are asked to provide their e-mail and shipping addresses in order to take part in a test session of the new Apple iPad2. The scam is luring users in with a fake offer to review an iPad 2, saying that Apple is giving away a total of 10,000 iPad2’s for review.

Aggressive Facebook Scam Attempts to Capture Email and Postal Addresses

“This scam is very aggressive and efficient at the same time because it uses two Facebook specific spreading mechanisms, which ensures high visibility — notifications and direct e-mail,” commented Catalin Cosoi, Head of BitDefender Online Threats Lab. “The main social engineering elements are, on the one hand, getting users curious about why they were made administrators of a Facebook page and, second, using the Applie iPad as bait. In this case, the device is supposed to be given away for free, but sent through mail for testing purposes.”

Users should never click on any suspicious administrator links provided through Facebook and never provide any personal information. Also, if you find yourself as the administrator of a malicious page, you will need to remove yourself from the administrators’ list of that page.

Users can remove themselves from the administrators’ list of the malicious page, by following the steps provided in the tutorial here.

Written By

Click to comment

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Malware & Threats

Norway‎-based DNV said a ransomware attack on its ship management software impacted 1,000 vessels.

Malware & Threats

Cybercrime in 2017 was a tumultuous year "full of twists and turns", with new (but old) infection methods, a major return to social engineering,...

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Malware & Threats

A GitHub Codespaces feature meant to help with code development and collaboration can be abused for malware delivery.