New Facebook attack targets e-cash users

New Facebook attack targets e-cash users

Security firm Trusteer Wednesday said it's identified a new browser-based malware attack against Facebook users that's aimed at stealing money through e-cash payment system Ukash.

TRICKERY: Social engineering attacks on the enterprise are trending upwards

Amit Klein, CTO at Trusteer, says this new variant on the Carberp Trojan tries to steal money by tricking victims into divulging payment information for the Ukash electronic voucher payment system.

According to Trusteer, the Carberp botnet malware works by replacing any Facebook page the user navigates to with a fake page that then tells the victim that the Facebook account is "temporarily locked," asking for personal information, such as name, e-mail, date of birth, password and a Ukash 20 Euro (about $25) voucher number to "confirm verification" of their identity and unlock the account.

This fake Facebook page then claims the cash voucher will be "added to the user's main Facebook account balance." This scam, says Klein, is the first spotted so far related to Facebook and the Ukash payment system, and Facebook users should recognize it and be wary if they see it.

"You should always be suspicious of odd or unconventional requests," Klein says.

Read more about wide area network in Network World's Wide Area Network section.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.


Brand Post

Show Comments