A new Facebook e-mail scam is tricking users into revealing their passwords and financial data and is spreading the Zeus bank Trojan, a researcher has said. According to Fred Touchette, a senior security analyst at AppRiver, Facebook users are being tricked by an e-mail that looks like a genuine notice from Facebook asking them to provide their information to update its log-in system.
A fake Facebook log-in screen appears when the user clicks the “update” button provided in the fake e-mail. The fake screen already has the user name filled in and prompts the user to enter the password.
After the password is submitted, a new page appears with an option to download an “Update Tool”. This “Update Tool” is the Zeus bank Trojan, which steals financial and personal data.
Smartphone users who have installed the Facebook application on their phones are also targets of the scam. They are easy to trick because the fake e-mail appears as an original Facebook notification, complete with the Facebook icon.
Users can see this phishing message in the e-mail inbox on the phone, and the fake e-mails also show up in the notification section of the Facebook application itself.
With the aid of its filters, AppRiver has captured 6 million of these e-mails, which were sent by the scammers behind the Trojan.
According to AppRiver, the number of e-mails received at one point even reached 30,000, almost 10 times the rate of ordinary botnet e-mail messages.
To stay safe from the attacks, people should be careful when clicking on links in e-mails and check the validity of the link. If users have any doubt about the legitimacy of a link, they should close the e-mail and visit the site directly to check for important notices to customers, Touchette said.
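The advice above, to check the validity of a link before clicking it, can be automated for a mail gateway or a user-side triage script. The following Python script is an added example, not code from the article or from AppRiver: it extracts every anchor from an HTML e-mail body and flags links whose target host is not under the brand's domain (assumed here to be `facebook.com`), giving a separate reason when the visible link text itself shows the brand's domain while the href points elsewhere, which is exactly the mismatch a lure of the kind described relies on. The e-mail body and the `login-update.example.net` host are constructed sample values.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample lure body (not a real message): the visible text claims
# facebook.com while the actual href points to an unrelated host.
SAMPLE_HTML = """
<p>Your account needs to be updated to our new log-in system.</p>
<p><a href="http://login-update.example.net/fb/index.php">http://www.facebook.com/update</a></p>
<p><a href="https://www.facebook.com/help">Help Center</a></p>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        # Only record text that sits inside an open <a> element.
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Return the lowercase hostname of a URL, or '' if it has none."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower()


def in_domain(host, domain):
    """True if host is domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def check_links(html, expected_domain="facebook.com"):
    """Return (href, text, reason) for every link not under expected_domain.

    A link whose visible text looks like a URL on expected_domain but whose
    href resolves elsewhere is reported with a mismatch-specific reason.
    """
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        href_host = host_of(href)
        if in_domain(href_host, expected_domain):
            continue
        # Treat the anchor text as a URL only if it plausibly is one.
        text_host = host_of(text) if ("." in text and " " not in text) else ""
        if text_host and in_domain(text_host, expected_domain):
            reason = "link text shows %s but href points to %s" % (text_host, href_host)
        else:
            reason = "href points outside %s (%s)" % (expected_domain, href_host)
        findings.append((href, text, reason))
    return findings


if __name__ == "__main__":
    for href, text, reason in check_links(SAMPLE_HTML):
        print("SUSPICIOUS: %s -> %s: %s" % (text, href, reason))
```

The check deliberately compares hostnames rather than whole URLs, so `m.facebook.com` or `www.facebook.com` pass while a look-alike such as `facebook.com.example.net` is flagged, because `in_domain` only accepts the brand domain itself or a true subdomain of it.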