Facebook users targeted by Zeus banking Trojan

Users of the popular social network are being tricked into revealing their passwords and downloading a Trojan that steals financial data. Here's how...

On the heels of one fake Facebook e-mail scam, a researcher warned on Wednesday of another such campaign in which users of the popular social network are being tricked into revealing their passwords and downloading a Trojan that steals financial data.

In the latest scam being blasted to e-mail in-boxes, a legitimate-looking Facebook notice asks people to provide information to help the social network update its log-in system, said Fred Touchette, a senior security analyst at AppRiver. When the user clicks the "update" button in the e-mail, they are directed to a fake Facebook log-in screen where their user name is filled in and they are prompted to provide their password.


Here is a screen shot of the message in the body of the fake Facebook e-mail. (Credit: AppRiver)

When they give that information, victims are taken to a page that offers an "Update Tool," but that is actually the Zeus bank Trojan that is designed to steal financial and personal data, Touchette said. Users of smart phones that have the Facebook app installed can also easily be duped because the phishing e-mail appears as an actual Facebook notification complete with Facebook icon, he said.

For more, read "Bank Trojan botnet targets Facebook users" from CNET News.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All