Fake Facebook Page Admin Notifications Trick Users Into Revealing Email and Postal Addresses
Threat researchers from BitDefender are warning of a new scam spreading via Facebook that attempts to capture personal information including email and postal addresses.
The scam works by alerting Facebook users through the Facebook notification system and by e-mail, and saying they have been made administrators of an unknown page. From there, users are directed to click on a link that takes them to a fake Facebook page. Once the user has landed on the fake Facebook page, they are re-directed to a different, malicious page where they are asked to provide their e-mail and shipping addresses in order to take part in a test session of the new Apple iPad2. The scam is luring users in with a fake offer to review an iPad 2, saying that Apple is giving away a total of 10,000 iPad2’s for review.
“This scam is very aggressive and efficient at the same time because it uses two Facebook specific spreading mechanisms, which ensures high visibility — notifications and direct e-mail,” commented Catalin Cosoi, Head of BitDefender Online Threats Lab. “The main social engineering elements are, on the one hand, getting users curious about why they were made administrators of a Facebook page and, second, using the Applie iPad as bait. In this case, the device is supposed to be given away for free, but sent through mail for testing purposes.”
Users should never click on any suspicious administrator links provided through Facebook and never provide any personal information. Also, if you find yourself as the administrator of a malicious page, you will need to remove yourself from the administrators’ list of that page.
Users can remove themselves from the administrators’ list of the malicious page, by following the steps provided in the tutorial here.