Fake Voting Site Used as Lure for Facebook Phishing Scam

Facebook phishing site

Cybercriminals have come up with a new scheme to trick Facebook users into handing over their credentials. They’ve launched a bogus voting campaign to lure potential victims to a phishing site.

According to experts from Symantec, the phishers have set up a bogus voting website where they ask users the question “Who is greater boys or girls?” Once they cast their vote, internauts are asked to log in to their Facebook accounts and say if they’re male or female.

In the final phase of the scheme, victims are told that their vote has been successfully submitted. The voting site is hosted on a domain that looks something like this: http://smartapps%5Bdomain name].com. This makes the whole thing look more legitimate.

The counter showing the alleged number of votes for boys and girls is designed to increase. This also makes the rogue application more legitimate-looking.

Although it might seem so at first glance, the voting campaign doesn’t have anything to do with Facebook. When users log in, they’re actually handing over their credentials to the cybercriminals.

The scammers are aware of the fact that many Facebook users take part in such games every day without giving it too much thought. It wouldn’t be surprising if this campaign managed to harvest a large number of account credential sets.

If you’re a victim of this scam, you should change your Facebook password immediately. If you’ve been using the same password on other sites as well, change all of them.

It’s also recommended that you keep an eye out for any suspicious emails that might land in your email inbox since the cybercriminals will likely continue to target victims or they’ll sell the information they’ve obtained to other cybrecrooks and spammers.

In order to avoid falling victim to such Facebook phishing scams, never enter your password on other domains than facebook.com. The legitimate login page is protected with an SSL certificate whose presence is indicated by the padlock icon in the web browser’s address bar and an HTTPS connection.

Never enter personal or financial information on untrusted websites, especially if you’ve reached them by clicking on a link in an unsolicited email. Always be careful when clicking on links seen on social media networks, particularly if they promise interesting or shocking content.

Finally, make sure you have an antivirus application installed on your computer since, in many cases, they’re capable of flagging malicious websites.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s