MANILA, Philippines – A new form of phishing is targeting users of the social networking site Facebook aimed at stealing not just the users’ Facebook credentials but also their credit card information.

“This Facebook phishing attack is pretty interesting because it does not just try to trick the victim into visiting a phishing website,” Kaspersky Lab security expert David Jacoby said in a statement released on Tuesday.

“It will reuse the stolen information and login to the compromised account and change both profile picture and name. The profile picture will be changed to the Facebook logo and the name will be translated to “Facebook Security” but containing special ASCII characters replacing letters such as “a” “k” “S” and “t”,” Jacoby explained.

Once an account is compromised it will also send out a message to all contacts of the compromised account. The message looks like this:

When a victim clicks on the link, he will then be redirected to a website that looks and feels like Facebook’s own website. The fake Facebook site then asks the victim to provide personal information such as name, email address, password, webmail system, among others.

“When submitting this form, the details will be sent to the attacker who can automatically login to your Facebook account and compromise it,” Kaspersky Lab said.

After filling up these details, the victim will then be asked for final identity confirmation with a payment and by having the person give his or her credit card information.

Jacoby advised Facebook users to be aware of such threats to avoid becoming victims.

“These scams are just getting more popular and we really recommend not giving out personal information, especially not email, password and credit card information over social media. It is also recommended that you contact your security vendor and the social media vendor if you encounter these sites,” he said.

Kaspersky Lab is a developer of secure content and threat management solutions.