In an earlier post, we detailed how a hacker was actively phishing Facebook users using porn. That effort may be stymied by the fact that Google had identified his phishing website (travelnewfan9.info) as a danger, preventing at least Google Chrome users from accessing it easily. It appears that he has now adjusted his attacks to circumvent that.
The New Phishing Attack By TravelNewFan!
Here is a new phishing attack by TravelNewFan. The link appears to go to MCFC.CO.UK, but if you mouse-over it, you will see that it actually leads to goo.gl/v0snAe – a shortened link. Please DO NOT proceed further.
Clicking on the video will lead you to travelnewfan7.info/PLang23/, which is the true link of goo.gl/v0snAe. Unfortunately, Google Chrome doesn’t identify it as a phishing attack website, so you are allowed to proceed to this screen. There is even a pop-up that warns you (falsely) that :
System error occurred. Would you please Log back!
The grammatical errors in that error message should set off alarm bells… and so should the fact that the Login button is in Vietnamese. DO NOT KEY IN YOUR FACEBOOK LOGIN AND PASSWORD!
But your hormones are raging and you just have to see that “very interesting video”… so you fill in your login details and voilà! it transfers you to a porn website – xlxx.com.
Note that xlxx.com can be accessed without going through that Facebook link, and it doesn’t even log you in as a member. But now you have given the hacker your Facebook login and password. This allows him to do all kinds of things with your account, like share this phishing post in various groups using your account.
If you find this post informative, SHARE it with your family and friends!
Who Is TravelNewFan?
TravelNewFan appears to be Vietnamese. A WHOIS search of both travelnewfan7.info and the previous travelnewfan9.info domains show that they were both registered by GoDaddy to the same person :
How Does The Hacker Benefit?
One question I keep getting is how does the hacker benefit from getting access to your account. Well, financially, the hacker benefits by selling your login information on the black market. He can also gain referral fees by sending you to xlxx.com after you have been “phished“.
A hacker can also trawl your Facebook account to gather personal information, which they can then use to attack your other social media accounts (Twitter, Instagram, Flickr, etc.). If you are a celebrity, someone of importance, or he happens to find something “juicy”, he can use what he found to blackmail you.
The same login information and personal information in your Facebook account can also help a hacker gain access to your email and banking accounts. Once they have access to them, it would be easy for them to transfer your money out if you did not set up 2-step authentication protection for your banking accounts.
I’ve Been Phished! What Can I Do???
If you actually keyed in your login information, you need to IMMEDIATELY :
- Log into your Facebook account.
- Make sure the email address registered to your Facebook account is correct and has not been changed.
- Change the password for your Facebook account.
- Enable the two-step authentication security feature in Facebook by registering your telephone number with your account.
- If the hacker posted any pictures / videos / apps using your account – LOCATE AND DELETE ALL OF THEM.
- Check if the hacker added any Facebook apps to your account. Remove any you don’t recognise.
If you are not sure how to do this, follow this guide – How To Stop Facebook Apps Posting To Your Facebook Wall.
After doing that, repeat the relevant steps for any other (banking, email, social media) accounts that use the same / similar passwords.
If you find this post informative, please share it with your family and friends!
If you like our work, you can help support out work by visiting our sponsors, or even donating to our fund. Any help you can render is greatly appreciated!