Identity thieves are using a new trick to impersonate Facebook's security team and steal account information and credit card data from users of the world's most popular social network.
According to Kaspersky Lab's David Jacoby (see important disclosure), the attackers aren't simply trying to lure the victim to a phishing site. Instead, they are compromising Facebook accounts and changing the profile picture and account name and sending warnings that appear to come from Facebook's security team.
The "Facebook Security" name was created with special ascii characters replacing letters such as “a” “k” “S” and “t” (see image on the right).
The message attempts to convince Facebook users that their account has been turned off and pushes a link to "reconfirm account security."
This is where the data gets pilfered, Jacoby said, warning that a second layer of the attack will attempt to trick users into entering credit card numbers, including CSC/CVV code.
If you can't avoid using Facebook (you really should!), be aware that Facebook's security team will never ask for financial information like credit card data. Pay special attention to the site you are on when entering any personal information and make sure you apply common sense to anything you do on social networks.