Researchers from the EFF (Electronic Frontier Foundation) have spotted an ongoing Facebook phishing attack, spreading across Syrian pro-revolution forums on Facebook.
The screenshot below displays the link in a comment under a pro-revolution video. The phishing link is accompanied by the following text in Arabic: Urgent and critical.. video leaked by security forces and thugs.. the revenge of Assad's thugs against the free men and women of Baba Amr in captivity and taking turns raping one of the women in captivity by Assad's dogs.. please spread this.
The spamvertised phishing URL hxxp://l0gin1.cixx6.com//photo-php=/426519_333998546633128_331404610225855_1082043_158875083/login/facebook/en/?i=1561 is currently returning a 404 Not Found error message. It spreads via postings within Facebook Groups, and also through personal spamvertising courtesy of compromised Facebook accounts.
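The URL above shows traits a proxy or mail filter can test for: the brand name appears in the path while the host is unrelated, a host label swaps digits for letters to resemble "login", and the path contains a doubled slash. The Python check below is an added example, not code from the EFF or from the original article; the allow-list, lure words and function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed allow-list of domains the brand really uses (illustrative only).
BRAND_DOMAINS = {"facebook": ("facebook.com", "fb.com")}
LOOKALIKE = str.maketrans("013", "oie")   # common digit-for-letter swaps
LURE_WORDS = ("login", "signin", "account", "verify")

# The URL quoted in the article, still defanged (hxxp).
SAMPLE = ("hxxp://l0gin1.cixx6.com//photo-php=/426519_333998546633128_"
          "331404610225855_1082043_158875083/login/facebook/en/?i=1561")

def refang(url):
    """Turn a defanged indicator (hxxp://, [.]) back into a parseable URL."""
    return re.sub(r"^hxxp", "http", url.strip(), flags=re.I).replace("[.]", ".")

def brand_impersonation_reasons(url):
    """Return the reasons a URL looks like a brand-impersonating login page."""
    parts = urlsplit(refang(url))
    host = (parts.hostname or "").lower()
    path = parts.path.lower()
    reasons = []
    for brand, domains in BRAND_DOMAINS.items():
        # A host is legitimate only if it is the brand domain or a subdomain of it.
        if any(host == d or host.endswith("." + d) for d in domains):
            continue
        if brand in path:
            reasons.append(f"'{brand}' in path but host is {host}")
        if brand in host:
            reasons.append(f"'{brand}' in a host outside the brand's domains")
    for label in host.split("."):
        normalized = label.translate(LOOKALIKE)
        # Flag labels that only read as a lure word after undoing digit swaps.
        if normalized != label and any(w in normalized for w in LURE_WORDS):
            reasons.append(f"host label '{label}' imitates a lure word")
    if "//" in parts.path:
        reasons.append("empty path segment (doubled slash)")
    return reasons

if __name__ == "__main__":
    for reason in brand_impersonation_reasons(SAMPLE):
        print(reason)
```

A heuristic like this produces leads for review rather than verdicts, so its hits are best fed into a reputation lookup or analyst queue.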
The campaign is similar to the "Fake YouTube sites target Syrian activists with malware" campaign uncovered last week, which was also detected by the EFF.
The phishing campaign is a great example of an ongoing practice within the cybercrime ecosystem, namely localizing texts, messages and fake web sites into the native language of the prospective victim.
For the time being, only Google's Safe Browsing detects the web site as a phishing site.
The EFF is advising users to be extra vigilant for malicious content coming from both known and unknown sources on Facebook.