Following reports from readers, Linha Defensiva has confirmed that ads shown in Facebook can lead users to pages created for the sole purpose of stealing data, such as credit card numbers and personal details. Brazilian criminals are purchasing the ad space, and using famous people and generous — but fake –offers to lure users into giving up their data.
In one case, an ad informs the user of a promotional campaign by Cielo, a VISA-owned payment processor, and Rodrigo Faro, a TV host.
According to the ad, the user must only register in order to be eligible for a prize of “up to R$ 100,000 (US$ 50,000).”
If the user clicks the ad, a page requesting all the user’s card details is shown.
In another phishing attempt, the criminals offer an iPhone 4S for only R$ 440 (US$ 220). The price is about four times lower than the retail price of the phone practiced by Apple (R$ 1,999). The page again requests the full credit card details from the user.
Both pages are not maintained by who they claim to be.
Linha Defensiva asked Facebook about the social network’s procedures to validate ads. That question went unanswered. Facebook only said that such ads are not allowed according to its advertising terms, and that users can report a fraudulent ad by filling a form.