Thursday, 9 February 2017

New Farmville-Facebook-PayPal triple combo phishing scam

Farmville was once the most played game on Facebook, with over 80 million players worldwide, but although its popularity has declined significantly since then, it still has over 30 million followers. So, it’s not at all surprising that cybercriminals have chosen this group as their phishing target.

It all starts with an email, claiming to come from PayPal and claiming a $82.04 GBP (whatever currency that is) payment is being processed to FarmVille on Facebook. The full email states:

Your $82.04 GBP payment made for the game FarmVille on Facebook Inc. is being processed.
Because of our geographic detector recorded this payment as being made from an unknown ip we had to put the payment on hold.
If you did not authorize this payment and you want to cancel, please login and complete the form requested.
Thank you for your understanding.
PayPal, Protection Department.



But the link leads to a forged PayPal website with a Brazilian address, which first asks you to log in, but then claims your account has been frozen due to fraudulent activity being detected, further asking you to continue to the “Resolution Center” for the identification process, so that your “refund” can be resolved. The “Resolution Center” is a phishing page, where all the details about the victim must be entered, including bank account and credit card info. After handing all their details to the scammers, the victims are assured that the refund claim has been submitted and the Farmville payment has been refunded (but will not appear in your payments history).

Because FarmVille players were familiar with in-game financial transactions, payable with real-world money, many of them would be inclined to investigate the rather large sum claimed in the email and click on the provided fraudulent link.