Warning: Fake Zynga Toolbars Will Steal Your Facebook Password

There are two “free toolbars” circulating around the web that pretend to enable users to cheat at Zynga games on Facebook, but actually attempt to steal Facebook login credentials. The false toolbars were spotted by Sunbelt researchers and should be avoided at all cost. See below for more details.

The images below were provided courtesy of Help Net Security and detail the method of operation of the deceitful toolbars.

At first glance, the toolbars look legitimate and appear at the top of your browser, along with a legitimate Facebook logo. The buttons have features that allow for cheating on “Zynga Games” along with other links as well.

-Zynga Toolbar Screenshot-

The problem is, when users click on the “Facebook” logo in the top left corner of the bar (they layout sometimes changes), they are taken to a false Facebook page that asks you to login but actually steals your credentials instead!

-Toolbar Screenshot-

From Help Net Security:

The domain on which the phishing page is hosted is constantly changing because in time every domai gets reported, detected and blocked by the browsers. The different domains used had names like apps-facebook-inthemafia(dot)tk,mafiamafiamafiamafia(dot)t35(dot)com, apps-inthemafias-facebook(dot)tk, etc.

The problem is that the toolbars – when they are not pointing towards the phishing page – point to the real Facebook URL, and the switch can happen anytime. It is best to distrust “cheating” toolbars altogether, and access Facebook and other networks and services by typing in the URL yourself or following your own bookmark.

The point is clear: do not download any fake toolbars claiming to help you cheat at games. The only thing they’ll accomplish is having your password stolen.