ThreatMetrix discovered a new strain of the Zeus Trojan this week. The cleverly crafted attack is said to catch users off guard by waiting: the website’s login page appears to work properly, and only after login are the fraudulent pages loaded and credit card information requested. As we have seen before in other phishing scams and malware attacks, the fraudulent Facebook and Gmail pages appear legitimate and can be quite convincing.
The following scam messages are currently in use:
“Transferring Facebook Credits to your bank account is now available!”
“Earn up to 20 percent cash back purchasing Facebook Credits with your MasterCard or Visa debit card.”
“Link your debit card right now with your Google Mail account to pay simply and securely at more than 3,000 stores online.”
Andreas Baumhof, chief technology officer of ThreatMetrix, had this to say about the attack: “Today’s cybercriminals are rapidly evolving to surpass some of the most advanced malware and cybercrime automatic detection routines.” He further commented on the dangers that social networking sites and other popular web destinations face: “Recently, social media platforms have taken to monetizing their sites. Facebook now has Facebook Credits, while Google’s Checkout is widely used by many online vendors. Online businesses need to take the proper steps to protect their users from these attacks.”
It is a cat-and-mouse game between cybercriminals and security software vendors. Socially engineered attacks seek crafty ways to bypass security protocols and anti-virus software. We caution everyone to remain vigilant and pay careful attention to login pages, download requests and prompts for financial information of any kind.
For more information on the new strain of Zeus malware, ThreatMetrix Labs reports are available at http://threatmetrix.com/resource-center/threatmetrix-labs-reports/.
How to Deal with the Scam:
If you installed the malware package, then you will need to run a complete virus scan of your computer system with a current security suite. If you provided banking details, then you should also contact your financial institution immediately!
If you or your Facebook friends are falling for tricks like this, it’s time to get yourself informed of the latest threats. Be sure to join the Facecrooks page on Facebook to be kept informed of the latest security issues. Also check out:
The Ultimate Guide to Facebook Scams and How to Deal with Them
How to spot a Facebook Survey Scam