Facebook Phishing Attack

By  |  Wednesday, April 29, 2009 at 1:14 pm

A couple of hours ago I got an oddly terse message from a Facebook friend who I’m not used to hearing from:

Facebook phish

It wasn’t hard to identify it as a hoax, one that wasn’t really from the “sender” in question–especially when I noticed that the “Facebook” URL mentioned something called fbaction.net. Out of curiosity, I clicked anyhow–hey, I like living dangerously–and got a fake Facebook login screen. I therefore entered a fake user name and fake password, whereupon it sent me to the real Facebook (and, presumably, stole my fake credentials).

Over at TechCrunch, M.G, Siegler explains that I was one of many Facebook users who heard from these guys. Facebook blocked the site from being shared via Facebook, and reported it as a bad actor, so recent browsers with anti-phishing features could protect their users. But I’m sure some other random troublemaker will try precisely the same trick again soon.

Bottom line:

1) Be suspicious of odd Facebook messages, especially ones that demand you click on something without explaining why;

2) Be suspicious of messages you receive from random Facebook pals that don’t carry any clear indication they’re real and personal;

3) Be very suspicious of anything involving a URL that’s a variant on Facebook.

4) If you do click, watch the URL you go to very, very carefully.

5) Remember that none of this advice is Facebook-specific–it applies to…well, everything.

6) Be grateful that so many phishers really aren’t very good at their job–and paranoid about the possibility of being fooled by one who knows what he’s doing.

Comments are closed

Read more: , ,

Comments are closed.