Facebook Users Tricked By Malware Into Exposing Credit Card Details

Fellow Facebookers, beware - a new variant of the Ice IX malware has found its way into your social networking circle, and wants your credit card details as well as any other sensitive information that could compromise your identity.

The malware has been designed so that each time a user logs in to their Facebook account, a separate Web form appears within a browser pop-up window. Disguised as though it is actually part of the social networking site, it then proceeds to ask you for your name, billing address and credit/debit card details.

"The attackers claim the information is needed to verify the victim's identity and provide additional security for their Facebook account," explained Trusteer's chief technology officer, Amit Klein, in a blog post on Tuesday.

One the form is completed, the malware sends the details over to its authors via an instant messaging platform - giving them speedy access to start abusing your information as soon as possible.

These rogue form injections are becoming quite common within the Internet marketplace, mainly targeting banking institutions. However, it appears as though cyber fradusters are looking to expand into other areas, and realising the potential of the mass appeal of social networking sites such as Facebook.

"By attacking Facebook and other ubiquitous social networks fraudsters can tap a massive pool of victims," Klein said. "They can also use the information harvested from social network users to perpetuate fraud on multiple fronts including online banking, retail, and even to penetrate enterprise and government networks.

However, Facebook is always keen to point out that the site will never ask its users for personal details such as credit card information - only for the standard username and password upon logging in.

Source: PCWorld