Trend Micro Content Security recently found a Facebook phishing site hosted at the URL http://www(dot)facezbook(dot)com/ (notice the wayward letter in the middle).
The page, which looks very similar to the actual Facebook login page, asks users to log into their accounts by entering their email addresses and passwords. After providing the required information, users are led to the legitimate Facebook site, tricking them into thinking that their account information is still safe from malicious users, when in fact it has already been stolen.
The theft happens when users enter their account credentials on the fake Facebook page. The details entered in the fields are logged and are in turn used by the people behind this operation for different purposes. Email accounts may be used to send spam to one’s contacts, for example. Leading users to the actual Facebook page after they have entered their account information is a trick to prevent users from discovering the theft.
Social networking sites, Facebook being one of the more popular ones, are now being targeted for fraud in addition to being used as a malware infection vector. Just last August, several worms used Facebook to propagate and infect users.
Trend Micro Smart Protection Network already protects users from the phishing Web site. Users are also advised to check typed URLs for any errors; as this case shows, a single letter makes all the difference.
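The single-letter check recommended above can be automated on a proxy or mail gateway. The following Python sketch is an added example, not Trend Micro code: it flags hostnames whose registrable label is within one edit (insertion, deletion, substitution or transposition) of a protected brand. The `PROTECTED` list, the function names and the naive "last two labels" domain extraction are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: brand label -> legitimate domain the defender wants to protect.
PROTECTED = {"facebook": "facebook.com"}

def refang(url):
    """Undo the '(dot)' / '[.]' defanging used in write-ups like this one."""
    return url.replace("(dot)", ".").replace("[.]", ".")

def registrable_label(url):
    """Return (label, domain) taken naively from the last two host labels.
    Assumption: single-label TLD; use a public-suffix list in production."""
    url = refang(url.strip())
    if "://" not in url:
        url = "http://" + url
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    parts = host.split(".")
    if len(parts) < 2:
        return "", host
    return parts[-2], ".".join(parts[-2:])

def osa_distance(a, b):
    """Optimal string alignment distance (edits plus adjacent transpositions)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)  # swapped neighbours
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]

def check_url(url, max_distance=1):
    """Return (verdict, brand, distance) for a typed or clicked URL."""
    label, domain = registrable_label(url)
    for brand, real_domain in PROTECTED.items():
        if domain == real_domain:
            return ("legitimate", brand, 0)
    for brand in PROTECTED:
        d = osa_distance(label, brand)
        if d <= max_distance:
            return ("lookalike", brand, d)
    return ("unrelated", None, None)

if __name__ == "__main__":
    for u in ("http://www(dot)facezbook(dot)com/", "https://www.facebook.com/"):
        print(u, "->", check_url(u))
```

A distance of 0 on a non-matching domain (the brand name under a different TLD) is also reported as a lookalike, which is usually the desired behaviour for brand monitoring.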