According to David Jacoby of Kaspersky, this new scheme allows scammers to gain access to a user’s account. Once the scammer succeeds in gaining access to an account, they change the profile picture to the Facebook logo and change the user’s name to “Facebook Security”. To the victim’s friends, it now appears to be an official Facebook account. The scam artist then chats with those friends and sends them a message that says: “Your Facebook account will be turned off because someone has reported you. Please do re-confirm your account security by [Insert Link] Thank you, The Facebook Team.”
Clicking the link redirects you to a page outside of Facebook that looks similar to the social networking site. The page has fields such as name, email, Facebook password, email password and a security question. Once the user fills in the fields and clicks on confirm, a second page opens that asks for the user’s credit card information to “confirm” his or her identity. If the user clicks on confirm again, they are then asked for name, billing address, full credit card number, expiration date and the card’s security code.
Phishing schemes have been common on Facebook, so users are warned not to click on any links that seem questionable.
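The two landing pages described above can be recognised mechanically: a host that is not Facebook's, combined with a form asking for two passwords or for card data. The sketch below is an added example, not code from Kaspersky or Facebook; the keyword lists, the `assess` function and the `.example` hostnames are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

OFFICIAL = ("facebook.com",)  # assumption: hosts accepted as genuinely Facebook
# Assumed keyword groups for the data the fake pages are reported to request.
SENSITIVE = {"password": ("pass", "pwd"),
             "card": ("card", "cvv", "cvc", "expir"),
             "security_question": ("question",)}


class FormFields(HTMLParser):
    """Collects the name/id/placeholder/type text of every <input> on a page."""
    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            a = dict(attrs)
            self.fields.append(" ".join(
                (a.get(k) or "").lower() for k in ("name", "id", "placeholder", "type")))


def is_official(url):
    """True only for facebook.com or a real subdomain, not a lookalike prefix."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in OFFICIAL)


def assess(url, html):
    """Return (verdict, sensitive categories found) for a page behind a chat link."""
    parser = FormFields()
    parser.feed(html)
    hits = sorted({cat for f in parser.fields for cat, kws in SENSITIVE.items()
                   if any(k in f for k in kws)})
    if is_official(url):
        return "official-host", hits
    # The first page asks for the Facebook password AND the email password.
    passwords = sum(any(k in f for k in SENSITIVE["password"]) for f in parser.fields)
    if passwords >= 2 or "card" in hits:
        return "likely-phishing", hits
    return ("suspicious" if hits else "no-sensitive-fields"), hits


# Constructed sample pages modelled on the two steps described in the article.
STEP1 = ('<form><input name="fullname"><input name="email">'
         '<input type="password" name="fb_pass">'
         '<input type="password" name="email_pass">'
         '<input name="security_question"></form>')
STEP2 = ('<form><input name="billing_address"><input name="card_number">'
         '<input name="expiry"><input name="cvv"></form>')
```

A host such as `facebook.com.confirm.example` fails the suffix check even though it begins with the real domain, which is the case a quick visual check of the address tends to miss.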