Kaspersky Lab researchers are warning of a new phishing attack on Facebook that uses hijacked accounts to impersonate the site's security team.

"The attackers replace the profile picture of compromised accounts with the Facebook logo and change their names to a variation of 'Facebook Security' written with special Unicode characters, said Kaspersky Lab expert David Jacoby in a blog post," writes Computerworld's Lucian Constantin.

"After the victim's profile name and picture get changed, the attackers send out a chat message to all of their contacts informing them that their accounts will be suspended unless they re-confirm their information," Constantin writes. "The rogue messages appear to be signed by 'The Facebook Team' and contain a link to a phishing page hosted on an external domain. The Web page mimics Facebook's design and asks for name, email, password, security question, country, birth date and other information needed to hijack the account."


Go to "Facebook chat phishing attack impersonates Facebook security team" to read the details.

For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.