Facebook scam asks for donation for child charity organizations

A new Facebook scam has been spotted over the last few days. Unlike previously seen social engineering tricks, this scam only appears after a certain malware enters a system. The malware, known as Citadel, injects itself into a Facebook session when a victim opens a Facebook webpage. It then displays a prompt that asks a user to make a small contribution through his credit card. What works in the favor of the prompt is the message that asks for a donation to a charity for sick and impoverished children.

Since the amount asked for is insubstantial (around $1) a lot of people do not question the credibility of the visible prompt. The prompt then proceeds to ask the victim his name, credit card number, expiration date, CVV and security password. Once all this data has been collected by the attacker, he can misuse it for several purposes.

FB charity scam

What makes this Facebook scam unique is that it appears in different languages, depending upon the location of the victim. There are different versions of the text that are slightly modified to add a regional touch and a seeming credibility to the scam. So far the scam has been spotted in the following languages:

  • English version that asks for $1 for impoverished Haitian children
  • Italian version mentions the Red Balloon campaign that combats child mortality in Italy
  • Spanish version mentions a nutrition program for Spanish infants
  • Dutch version asks for a donation towards Save the Children
  • German version asks for a donation towards ChildFund

Quick Heal advises its users to not fall for this scam. A charity organization will never ask for a donation through a social network. Moreover, if an application requires credit card details it will ask for the same from its official Facebook page, not through a prompt or pop-up window. If such a prompt appears it is also recommended to run a full system scan with the best Internet security software to get rid of this malware.

Users should refrain from divulging credit card details over Facebook as attackers have devised several methods to abuse this information. We will keep our readers updated on this scam so watch this space for more!

Rahul Thadani

Rahul Thadani


17 Comments

Leave a Reply to mahesh c naik Cancel reply

Your email address will not be published.

CAPTCHA Image

  1. i am unable to connect to only one site i..e facebook.i do not undrstand why i am unable to connect to facebook can u please suggest me the reason

    Reply
  2. These thugs use fb for this purpose n those fb official harass n block innocent ppl
    someone must alert them first

    Reply
  3. Thanks quickheal for keping us updated, can not you post this on FB or shall we copy this post and post this on FB

    Reply
    • Rahul Thadani Rahul ThadaniAugust 2, 2012 at 9:53 AM

      Hi Akshay,
      The Facebook security team is aware of this threat.

      Reply
      • Avatar Rahul AggarwalNovember 7, 2012 at 7:43 PM

        if the facebook is already aware of that, then they should do something for that(i mean that they should block that). And Thanks For awareing us about that.

        Reply
  4. thanx a lot quickheal for this necessary information……

    Reply
  5. Thank you quick heal. Internet security 2012 product is awesomely awesome. keep updating the latest news always. Love to be a part of the quick heal family…

    Reply
  6. Avatar chaudhary dheeraj ranaAugust 2, 2012 at 1:20 AM

    thanks quickheal………………….

    Reply
  7. Avatar deglal mahtoAugust 2, 2012 at 8:45 AM

    like this

    Reply
  8. Avatar mahesh c naikAugust 2, 2012 at 10:24 AM

    dear sir,
    facebook chatting is spoiling culture, thanks to quick heal family to giving the awarness of updated news

    Reply
  9. Thanks rahul for updating us with one more new scam.

    Reply
  10. hey quick heal can you send me your latest product of anti-virus i.e. quick heal 2012 please & thanks for keeping us update

    Reply
  11. Avatar manik debnathAugust 2, 2012 at 3:35 PM

    thanks

    Reply