The Electronic Frontier Foundation (EFF) warns Syrian internauts, especially those who oppose the current Syrian government, to be on the lookout for shady Facebook posts that lead to a phishing site that’s designed to steal their login credentials.
Since the Syrian government allowed the country’s Internet users to access Facebook, a lot of them have used the social media site to plan and debate their actions against the regime.
However, pro-government hackers started relying on the popularity of these forums to spread their malicious links, which point to a site that replicates the Facebook login page.
“Urgent. The thug Sharif Shihada was arrested by the Free Army. Captured by Ahrar Al Qlamoun battalion... please spread the video of him denouncing the Syrian Regime... Allahu Akbar, victory to our revolution and Free Army,” reads in Arabic one of the messages that carry a link to the phishing site.
Another, also in Arabic, reads,” Urgent and critical.. video leaked by security forces and thugs.. the revenge of Assad's thugs against the free men and women of Baba Amr in captivity and taking turns [expletive] one of the women in captivity by Assad's dogs.. please spread this.”
Users who rush to access the content may not see that in reality, the malicious page is not hosted on the facebook.com domain. Instead, the name of the site displayed in the browser’s address bar looks something like l0gin1.cixx6.com, which clearly indicates its true, malevolent, purpose.
It’s believed that the usernames and passwords gathered by the cybercrooks who operate the site are used to obtain private information from victims’ accounts.
Syrian Facebook members and anyone who may be interested in the revolution that’s currently taking place should be on the lookout for these phony Facebook sites.