In one of the latest phishing/malware scams, Facebook and a phony download are being used to create a “double whammy” for potential victims.
The scam starts out with a message stating, “I’m serious guys If you people don’t stop posting this of me I will be erasing my account.” The message then provides a link to a Tumblr account. If an unsuspecting victim clicks on the offered link, they will be taken to a spammy Tumblr that will try to redirect them to a phony Facebook login page.
This realistic looking page is a fraud and requests the user’s Facebook account credentials and the answer to a security question. See an example of this page.
Once this information is submitted, a pop-up displays requiring the download of a “Youtube Player” to find out exactly what content their friend is supposedly erasing their account over. Of course, the download is actually a malicious file containing malware that isn’t any kind of real update.