Mechanism:The scammers create a fake Facebook page and a customized tab. In the customized tab, which they set as a landing page (meaning that this is where the user will get to when clicking the link) they implement a redirect functionality. To advertise this page, the scammers will add various Facebook users to its admin list page. When users are made admins of a Facebook page, they will be notified about that in the Facebook notification area and through an e-mail.
Upon receiving the respective notification, users will be curious to click the provided link precisely because they do not know that page or remember ever taking any action with a view to becoming its admin. When landing on the fake Facebook page, they will be redirected to another malicious webpage. In the variant we identified, the malicious page is used to collect victims’ personal data (e-mail address and shipping address).
1. Message displayed on the malicious page used for the illicit collection of personal data
Why it’s interesting: the scam uses two Facebook specific spreading mechanisms which ensure high visibility: notifications and direct e-mail.
2. Notification used in the scam dissemination process
The main social engineering elements in this case are: 1. getting users curios about why they were made admins of a page (apparently it’s something to be proud of within the social community) and 2. the classic iPad bait (though in this case, it’s not supposed to be given away for free, but sent through mail, for testing purposes).
What to do if you come across this scam?First off, do not provide any details through the form displayed on the malicious web page. Second, remove yourself from the admin list of that page. To remove yourself from the administrators’ list of the malicious page, please follow this link: https://www.facebook.com/pages/manage/
Click the Edit info option next to the page you do not want to be the administrator of. Then click Manage admins and remove yourself from the list. This should solve the issue.
3.How to remove yourself from the admin list of a page
You can also follow the directions in this tutorial: https://www.facebook.com/help/?faq=19375&ref_query=remove+admin
This article is based on the technical information provided courtesy of George Petre, BitDefender Threat Intelligence Team Leader
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.