Facebook chat phishing attack impersonates Facebook security team

A new phishing attack that's spreading through Facebook chat modifies hijacked accounts in order to impersonate the social network's security team.

The attackers replace the profile picture of compromised accounts with the Facebook logo and change their names to a variation of "Facebook Security" written with special Unicode characters, said Kaspersky Lab expert David Jacoby in a blog post.
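
A defensive check for display names like the ones described above, added here as an example and not taken from Kaspersky Lab or Facebook: it folds a name to a plain-ASCII skeleton and flags names that match a reserved term only after folding. The reserved-term list, the look-alike map and the sample names are constructed assumptions; the article does not say which characters the attackers used.

```python
import unicodedata

PROTECTED = ("facebooksecurity",)  # assumption: terms reserved for official use

# Assumption: a few Cyrillic/Greek look-alikes for illustration. A production
# check would load the full Unicode confusables table (UTS #39).
LOOKALIKES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0441": "c", "\u0440": "p",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0455": "s", "\u043a": "k",
    "\u03bf": "o", "\u03b1": "a", "\u03b5": "e", "\u03b9": "i", "\u03ba": "k",
})

def letters_only(text):
    """Keep letters and digits so spacing and punctuation cannot hide a match."""
    return "".join(ch for ch in text if ch.isalnum())

def skeleton(name):
    """Fold a display name to the ASCII string a reader would perceive."""
    # NFKD maps fullwidth and styled letters to ASCII and splits accents off.
    decomposed = unicodedata.normalize("NFKD", name)
    # Drop combining marks (Mn) and invisible format characters (Cf).
    visible = "".join(ch for ch in decomposed
                      if unicodedata.category(ch) not in ("Mn", "Cf"))
    return letters_only(visible.casefold().translate(LOOKALIKES))

def classify(name):
    """Return 'clean', 'protected-name' or 'obfuscated-protected-name'."""
    folded = skeleton(name)
    if not any(term in folded for term in PROTECTED):
        return "clean"
    literal = letters_only(name.casefold())
    if any(term in literal for term in PROTECTED):
        return "protected-name"          # reserved term typed in plain letters
    return "obfuscated-protected-name"   # matches only after Unicode folding

# Constructed sample names, not taken from the reported campaign.
SAMPLES = [
    "Jane Doe",
    "Facebook Security",
    "F\u0430cebook S\u0435curity",                         # Cyrillic a and e
    "\uff26\uff41\uff43\uff45\uff42\uff4f\uff4f\uff4b Security",  # fullwidth
    "Face\u200bbook Secur\u00edty",                        # zero-width space, accent
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(ascii(sample), "->", classify(sample))
```

Running a check like this when a profile name is changed, rather than only at sign-up, covers the rename step the attack relies on.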

Facebook claims that changing the profile name can take up to 24 hours and is subject to confirmation. However, in Jacoby's tests the change occurred almost instantly and required only the password. This was also confirmed by a victim whose profile name was modified within 5 minutes of their account being compromised, he said.