Security firm Trusteer has discovered a new piece of malware on Facebook. It asks the user for credit card information such as card number, expiration date, and address for monthly statement. A separate web form pops up and explains that Facebook wants to provide you with extra security and needs to verify your identity. Many users will believe that they need to input this information to be able to open their Facebook account. This new malware is a variant of the Ice IX malware.
There is also a marketing video that shows how to use the web injection to anyone hoping to steal credit card information from Facebook users. According to Trusteer CEO Amit Klein, it is also a sign of how good criminals are getting at marketing their products. It is also a sign that criminals are branching out from online banking schemes, to target social networks. This gives criminals access to a huge number of possible victims.
Keep in mind that Facebook never asks for your credit card number or your social security number on the site or through e-mail.