Hacker Group Affiliated With Syrian Regime Use a Facebook Phishing Scam to Steal Users Credentials
Activists in Syria are reporting that hacker group “Syrian Electronic Army” which is affiliated with the Syrian regime is using phishing tactics on Facebook to steal users emails and passwords.
The scam uses an interesting hot story with a fake link often like:
http://facebook.com-video-php-v222423423.homsrev.webgoof.com/video/video.php ( DO NOT USE THE LINK )
The link looks like a facebook link and when opened you get a copy of Facebook homepage but in fact it is a page on webgoof.com and when activists enter their email address and passwords it will be sent to “electronic thugs of the regime” as Anonymous Syria calls them, and then start sending the link to the users’ followers and friends.
Syrian activist Feras Attasi had his facebook profile hacked and this image shows the scam sending tweets from his linked Facebook profile “great operation by Khaled Bragged, watch the heroes, God salut them, please page owners login to spread the video”
Activists and any user need not to trust any link posted on Facebook and Twitter, and should be sure that only https://facebook.com is the only way to log in to Facebook. Also the user need to check the certificate of the https encryption and make sure it is not faked.