A new Facebook scam has been spotted over the last few days. Unlike previously seen social engineering tricks, this scam only appears after a certain malware enters a system. The malware, known as Citadel, injects itself into a Facebook session when a victim opens a Facebook webpage. It then displays a prompt that asks a user to make a small contribution through his credit card. What works in the favor of the prompt is the message that asks for a donation to a charity for sick and impoverished children.
Since the amount asked for is insubstantial (around $1) a lot of people do not question the credibility of the visible prompt. The prompt then proceeds to ask the victim his name, credit card number, expiration date, CVV and security password. Once all this data has been collected by the attacker, he can misuse it for several purposes.
What makes this Facebook scam unique is that it appears in different languages, depending upon the location of the victim. There are different versions of the text that are slightly modified to add a regional touch and a seeming credibility to the scam. So far the scam has been spotted in the following languages:
- English version that asks for $1 for impoverished Haitian children
- Italian version mentions the Red Balloon campaign that combats child mortality in Italy
- Spanish version mentions a nutrition program for Spanish infants
- Dutch version asks for a donation towards Save the Children
- German version asks for a donation towards ChildFund
Quick Heal advises its users to not fall for this scam. A charity organization will never ask for a donation through a social network. Moreover, if an application requires credit card details it will ask for the same from its official Facebook page, not through a prompt or pop-up window. If such a prompt appears it is also recommended to run a full system scan with the best Internet security software to get rid of this malware.
Users should refrain from divulging credit card details over Facebook as attackers have devised several methods to abuse this information. We will keep our readers updated on this scam so watch this space for more!