The Carberp variant replaces any Facebook page the user navigates to with a fake page notifying the victim that their Facebook account is temporarily locked. Effectively holding Facebook users hostage, the page asks the mark for their first name, last name, email, date of birth, password and a Ukash 20 euro ($25) voucher number to verify their identity and unlock the account.

Trusteer warns the cash voucher attack is in some ways worse than credit card fraud, because with e-cash it is the account-holder, not the financial institution, who assumes the liability for fraudulent transactions.