The Electronic Frontier Foundation claims they are receiving reports that Syrian activists are being exposed to phishing attacks on activist Facebook pages.
It seems that pro-Syrian government hackers are posting the phishing attacks in an attempt to lure unsuspecting Facebook users to a fake log-in page in order to obtain user data. It doesn’t take much imagination to see how activists’ personal data could be used for locating, detaining and torturing dissidents.
Below is the fake message appearing on Syrian activist Facebook accounts:
Urgent. The thug Sharif Shihada was arrested by the Free Army. Captured by Ahrar Al Qlamoun battalion… please spread the video of him denouncing the Syrian Regime… Allahu Akbar, victory to our revolution and Free Army.
As noted by EFF, pro-government hackers have also distributed similar malware, a Trojan called Darkcomet RAT, via chats and emails. And, as always, don’t believe that this social engineering is limited to totalitarian regimes—what’s good for the goose is good for the gander (USA).