It has been a big week for Facebook with many changes, most prominently the company's highly anticipated IPO debut. That said, some things haven't changed: a new Facebook scam has surfaced.
This latest scam uses the network's platform to try to trick users.
Sophos, a UK-based security company, has reported that the new scam arrives as an email asking the recipient to "confirm" they wish to cancel their Facebook account.
The exploiters try to trick the email recipient into clicking a link that attempts to install malware on the victim's computer, presumably banking on the possibility that the individual receiving the email has a Facebook account. With the network having amassed over 900 million members at this time, the chances that a recipient actually has a Facebook account are high.
According to Sophos, the email says:
Hi [email address]
We are sending you this email to inform you that we have received an account cancellation request from you. Please follow the link below to confirm or cancel this request
The Facebook Team
To confirm or cancel this request, follow the link below: (a hyperlink is included)
Not surprisingly, the link does not go to an official Facebook web page, but to a third-party application running on Facebook's platform. Sophos warns the link actually goes to a facebook.com email address, and this detail might fool "those who are not cautious."
Users who click the link are prompted with a message asking to run an unknown Java applet. At this stage in the scam, users who ignore the prompt or hit the "no thanks" button are inundated with the same message, which keeps repeating. Sophos notes this is a social engineering technique, meant to panic dedicated Facebook users into thinking they'll lose their account if they don't follow the directions. If the user does click 'OK', they are then led to another message that says Adobe Flash must be updated in order to proceed.
This is where the malware gets installed if the user grants permission. Once the computer is infected, the exploiters can spy on the victim's activities and take control of the computer.
It sounds as if this latest Facebook scam uses techniques similar to ones often seen with scareware: pestering a user until they give in and click the button that makes the pop-up message disappear, which gives the green light to download the malware. Scareware often works by tricking a user into thinking their computer is infected with viruses.
In the 'account cancellation' scam, the scammer plays on fear, hoping the recipient is afraid of losing their Facebook account if they don't comply.
Cancelling an account is user-initiated internally on Facebook. If the cancellation button is hit, users are prompted with a secondary message asking to confirm their cancellation. This is generally not done by email (unless possibly if the user has emailed Facebook to request the deletion).
In other Facebook news regarding the company's IPO debut, unfortunately, the stock has not taken off as many had hoped.