At around 1:28 am on October 26, our crawlers first detected a new phishing scheme targeting Texas HoldEm Poker players.  The scammers registered an app with the URL http://apps.facebook.com/texas_hold_poker (note that the real URL for Texas HoldEm is http://www.facebook.com/TexasHoldEmPoker or http://www.facebook.com/TexasHoldEm).  When users click on what they think is a link to TexasHoldEm, they are confronted with this page:

Both of those buttons link to http://vgjyikui.001webs.com/banned/zyngawarning.php, where this is displayed:

Interestingly, that customer support link seems to actually go to the real Zynga contact page at http://www.zynga.com/about/contact.php.  Of course, anything entered into those two boxes is delivered directly to the scammers.   Clicking Submit points the browser back the the real Texas HoldEm Poker page, while clicking Cancel redirects to http://warmingaccount.do.am/zyngapoker/zyngawarning.html that presumably was another scare page to get users to give up their credentials but now looks like this:

Advertisements