Winner’s Circle Facebook phish

Here’s a Facebook phish that claims you’ve won $200,000,000 from “Zynga Special Gifts”, while displaying elements from the legit Texas Holdem Poker App page. It also pastes a popup box over the top:Click to EnlargeAs I’m logged into Facebook, you can see a little picture of my head as Texas Holdem asks for permission to access my information. All of this is going to seem very convincing to a Facebook user unfamiliar with dubious popups and other nonsense. Let’s see where we go from here after clicking the popup:Click to Enlarge“Welcome to Winner’s Circle”, it says – along with a request for your email, password and “code” to prove you’re a legitimate winner. I’ve no idea what the Code is all about, but entering your data into the box and hitting the “Claim Gifts” button sends your login to the phisher.Where this gets really interesting is the state of play this morning.Visit the phish now, and Facebook redirects you to the following page:Click to Enlarge“Warning, the website that directed you here was not a Facebook page. If you entered your Facebook login information on the previous (continue reading...)