Phishing For Facebook
by Michael Arrington on January 2, 2008

I’m not sure what the bad guys want with a bunch of Facebook user account credentials, but phishing scams seem to be hitting the site. Scott Fish notes that some users are seeing Wall posts that contain links to phishing sites to gather Facebook credentials.

An example message is:

lol i cant believe these pics got posted….its going to be BADDDD when her boyfriend sees these- http://www.facebook.com.profile.php.id.371233.cn

Note that the URL in the quote above, which leads to what looks like a Facebook sign-in page, is not Facebook. The host ends in .cn, so the domain the browser actually connects to is the one registered under .cn; everything to the left of it, including "facebook.com" and "profile.php", is just a chain of subdomain labels the phisher chose to make the address look familiar. So if you visit the site (don't), DO NOT enter your Facebook credentials or any other personal information.
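As an added example, not code from the original post, the following Python makes that point concrete: it pulls the host out of a link, reduces it to the registrable domain (public suffix plus one label), and flags links where the brand name appears only as decoration in subdomain labels or in the user-info part before an "@". The sample links (other than the lure quoted above) and the cut-down suffix table are constructed for the example.

```python
"""Added example (not part of the original post): spot a lure URL whose
registrable domain is not the brand it imitates."""
from urllib.parse import urlsplit

# Constructed sample links. The first is the lure quoted in the post; the
# rest are invented for the example (".example" is a reserved TLD).
SAMPLE_LINKS = [
    "http://www.facebook.com.profile.php.id.371233.cn",  # brand as subdomain labels
    "http://www.facebook.com/profile.php?id=371233",     # the real thing
    "https://login.facebook.com/login.php",              # legitimate subdomain
    "http://facebook-com.example/login",                 # hyphen instead of dot
    "http://www.facebook.com@371233.cn/login.php",       # brand in userinfo, before '@'
    "http://www.phishtank.com/",                         # unrelated site
]

# Tiny stand-in for the Public Suffix List, enough for the samples above.
# Real code should load the full list (e.g. via the `publicsuffix2` package).
PUBLIC_SUFFIXES = {"com", "net", "org", "cn", "com.cn", "example"}


def registrable_domain(host: str) -> str:
    """Return the part of `host` that someone actually registered:
    the longest known public suffix plus the one label before it."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):  # longest suffix first: "com.cn" before "cn"
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            if i == 0:
                raise ValueError(f"{host!r} is a bare public suffix")
            return ".".join(labels[i - 1:])
    raise ValueError(f"no known public suffix in {host!r}")


def _squash(name: str) -> str:
    """Drop dots and hyphens so 'facebook-com' and 'facebookcom' compare equal."""
    return name.lower().replace(".", "").replace("-", "")


def classify(url: str, trusted: str = "facebook.com") -> dict:
    """Verdict for one link: 'trusted' if it really belongs to `trusted`,
    'lookalike' if the brand name is only used as decoration, else 'other'."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    domain = registrable_domain(host)
    brand = _squash(trusted)
    if domain == trusted:
        verdict = "trusted"
    elif brand in _squash(parts.username or "") or brand in _squash(host):
        # brand text sits before '@' (which the browser ignores when choosing
        # the server) or inside subdomain labels of a domain the attacker owns
        verdict = "lookalike"
    else:
        verdict = "other"
    return {"url": url, "host": host, "registrable_domain": domain, "verdict": verdict}


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        r = classify(link)
        print(f"{r['verdict']:9} {r['registrable_domain']:14} {r['url']}")
```

Run stand-alone it prints one line per sample; the lure comes out as `lookalike 371233.cn`, and the real profile link as `trusted facebook.com`. The suffix table is the weak point of this sketch: a real check needs the full Public Suffix List, and it should also look at the punycode form of the host, since an internationalised domain name can render like the brand while sharing none of its ASCII letters.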

Only your friends can add Wall posts on Facebook, so any post linking to a phishing site either comes from an account that has already been compromised or from someone who has added the phishers as a friend. That is what lets the lure spread: each set of stolen credentials is used to post it to the victim's friends.

This is a good candidate for PhishTank, an anti-phishing service created by OpenDNS.

Comments

It was only a matter of time…

But it will be interesting to see how Facebook handles this. For example, some banking sites display phishing warnings on their login page, etc.

 

Did the guy’s name really have to be Scott Fish?!

 

Great pickup. I was very surprised that facebook has not replied to this issue. I saw this on my friend’s profile at 10 AM EST.

Regarding why the phishers might want to target users on facebook, FB actually stores credit card information for people using their marketplace feature. Also, users tend to have the same password for email, other social networking sites, banking, etc.

 

Somebody gets access to your Facebook account - what is the big deal… it isn’t like they are gaining access to PayPal or other financial documentation? Other than sending comments to others on your list, I fail to see why this is such a big concern. Educate me ;-)

Jon
ps: I don’t have a facebook account

Because they change your password after they phish, locking you out.

 
 

I’m still amazed that people fall for these. Especially supposedly educated Facebook members.

As to what they do with the accounts, they use them to spam with. MySpace has had this problem for a long time.

 

Get the Compete Toolbar. Trust scores warn of phishing sites (low traffic, recently registered domains, community blacklists, etc). It has protected me a few times against paypal phishes.

http://tools.compete.com

 

Dude, do you really need a toolbar to know that it’s a phishing site? Just look at the damn URL before you click a link.

 

rfre: I know you’re an awesome uber-nerd, but some people don’t exactly understand the distribution of slashes and dots in a URI. Even people with Facebook accounts! Crazy, I know, but it’s true.

 

Well, it looked real at first because of the id part, but then I saw the .cn and it gave it away. I can understand people falling for this.

 

I actually saw this today too…a buddy of mine posted a comment and it had that same .cn ending…total giveaway…I deleted the comment right away.

 

You would be surprised to know that yes, people really do still fall for stuff like this. For those in the tech circle and in the know….it is damn obvious by looking at the friggin URL. Even when the URL has a different caption sometimes, I hover on the link to view the actual URL at the bottom of my browser. But in reality a lot of not so savvy people out there do not even pay attention to all these slashes and things. All they see is http://www.facebook.com and they will click it, the other stuff doesn’t bother them.

 

A crime gang somewhere has already hacked or phished your credit card and account information and you just don’t know it.

One phishing gang I’m aware of is turning over on the order of 50,000 complete identities a day. A recent article in the Mercury News suggests that 1 in every 2 people in the US has had their identity compromised. Last year somewhere on the order of 1 in 80 people had their details stolen by some form of phishing.

The detailed information kept in people’s Facebook profiles is often enough to get around verification questions when challenged online or by phone. It allows compromise in one application or domain (such as your salesforce.com account) to be leveraged to compromise another (your online banking account).

Look for 2008 to be the year of phished accounts in enterprise and social web applications.

 

Facebook is a priceless venue, why do people try and compromise its powers…grr…

I just set up my first Facebook group today and this sort of news aggravates the whole community. I feel like I have a vested interest (along with tens of millions of others) in Facebook’s success. I hope phishing scams are not going to become commonplace in 2008.

Shameless plug, I know…
Please checkout and possibly join my Facebook Group it’s called:

“Flood your News Feed with Presidential Endorsements”

http://oregon.facebook.com/gro.....amp;ref=mf

You’re welcome to invite all your friends too! ;)

 

There’s a much simpler reason to do it - to spam your friends with advertisements. A message from you looks a lot more legit than a random message in your email. Social network spam has been on Facebook since the beginning. I get spammed all the time on there.. I don’t know why this is newsworthy today, unless the volume has increased.

 

As one of those people that fell for this, it was odd where it happened because I tried to take an action in Scramble and was dumped on this page. At first I just thought it was some sort of time out and dumbly just re-entered my login info. This then happened again, but this time I looked at the URL and it was Facebook’s. Hence, it seemed like I had been legitimately logged out. The cycle wasn’t stopping, though the URL never gave up the clue. Finally, I rebooted my computer to stop this cycle. I’ve seen lots of these scams and know what to look for and was still fooled by it. Happy to be the sucker here, but it definitely wasn’t your father’s phishing incident ;)

 

I think the .cn at the end of the url says it all! Bad url.

 

It is very difficult to identify these phishing guys when you’re making friends. I think Facebook should have some filtering to prevent such users from getting registered.

 

I think the point is that people are predictable - if they phish your password for facebook, they’ll just find those people who also use the same password for their email, and from there they look for which financial sites you use, and either have all they need from your inbox or hope yet again that you continue to use the same password on yet more sites. They could also build up a nice targeted dictionary attack from your Facebook profile.

 

It’s a side effect of an open network. The fewer checkpoints there are in a system, the higher the chance that phishing and spam attempts will get through. Many of the web forums I frequent do an excellent job of maintaining the integrity of their communities through a mix of technical fixes and human moderation. I foresee that Facebook will start to add moderators to their service, similar to AOL when the chatroom phase started.

It’s an issue but I am not worried because I know that exactly 260 people plus a few choice applications can access my personal data. I am curious to see how many of these widget applications are really phishing attempts in disguise.

 

This literally JUST happened to me and the most annoying/frustrating part is that I hadn’t logged into Facebook in days (min. 2-3) and I seem to have been hit. I have never seen the phished site nor have I (or would I) ever input my info.

To Facebook’s credit, they automatically reset my password once they saw my account got hit. Just beyond frustrating.

 

Someone entered that exact phish in the PhishTank database yesterday, and it was verified almost immediately.

http://www.phishtank.com/phish....._id=367676

We encourage anyone and everyone to submit examples to PhishTank. Once the community verifies, the free, high-quality data is used by OpenDNS, Yahoo Mail, Kaspersky Labs and many others.

John Roberts
OpenDNS

 

You would be surprised how many people use the same password for their Facebook account as for their email account! If your email password is not easy to get out of you, a Facebook phish could be…
Not to mention all the information that people enter about themselves (think maiden name!) and all…

People need to realize that the internet is not safe and start to educate themselves.
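Two comments above make the same point from opposite sides: a phished Facebook password is often the victim's email password too, and a profile full of names, birthdays and maiden names is raw material for a targeted dictionary attack. As an added example that is not any commenter's code, here is how such a profile-derived wordlist gets built, and how the same list can be used defensively to reject a password assembled from those fields. The profile values, suffix list and leet table are invented for the example; no real site's policy is being reproduced.

```python
"""Added example (not from the original thread): build a targeted password
wordlist from profile fields, then use it to reject profile-derived passwords."""
from itertools import product

# Constructed profile; every value here is invented for the example.
PROFILE = {
    "first": "Jane",
    "last": "Doe",
    "maiden": "Smith",
    "pet": "Rex",
    "hometown": "Boston",
    "birthday": "1985-07-14",
}

# Hypothetical mangling rules; a real wordlist tool has far more of them.
SUFFIXES = ("", "1", "12", "123", "!", "2008")
LEET = str.maketrans({"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"})
UNLEET = str.maketrans({"4": "a", "3": "e", "1": "i", "0": "o", "5": "s"})


def base_tokens(profile: dict) -> set[str]:
    """Atomic guesses: each field in lower/Capitalised form, plus the
    usual fragments of a birth date (year, 2-digit year, DDMM, MMDD, DDMMYYYY, DDMMYY)."""
    out = set()
    for field, value in profile.items():
        if field == "birthday":
            y, m, d = value.split("-")
            out.update({y, y[2:], d + m, m + d, d + m + y, d + m + y[2:]})
        else:
            out.update({value.lower(), value.capitalize()})
    return out


def candidates(profile: dict, min_len: int = 6, max_len: int = 16) -> list[str]:
    """Profile-derived guesses, the way a targeted wordlist is built:
    each token with common suffixes, its leet-speak form, and every pair of tokens."""
    atoms = base_tokens(profile)
    words = set()
    for a in atoms:
        for s in SUFFIXES:
            words.add(a + s)
            words.add(a.translate(LEET) + s)
    for a, b in product(atoms, repeat=2):
        if a != b:
            words.add(a + b)
    return sorted(w for w in words if min_len <= len(w) <= max_len)


def is_profile_derived(password: str, profile: dict) -> bool:
    """Defensive use (hypothetical policy check): true if the password, compared
    case-insensitively and with simple leet substitutions undone, is in the
    wordlist an attacker could generate from the user's own profile."""
    guesses = {w.lower() for w in candidates(profile)}
    p = password.lower()
    return p in guesses or p.translate(UNLEET) in guesses


if __name__ == "__main__":
    words = candidates(PROFILE)
    print(f"{len(words)} candidates, e.g. {words[:8]}")
    for pw in ("JaneSmith", "Rex1985", "J4neD0e", "Boston123", "correct horse battery"):
        print(f"{pw!r:26} profile-derived: {is_profile_derived(pw, PROFILE)}")
```

The point of the check function is the asymmetry the commenters describe: the attacker only needs the profile, which is public to friends, while the defender (a site enforcing a password policy, or a user picking one) has the same data and can refuse anything on that list before it is ever phished. A real implementation would add many more mangling rules and cap the list size; this one keeps the rule set small so the output is readable.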

 

The best metric for when a social networking site has reached its apex within its site lifecycle is when the phishers and spammers target it.

Facebook will be obsolete in 2 years.

The bot armies are on the march.

 

I actually posted about this yesterday:

http://www.allfacebook.com/200.....-facebook/

Facebook has some real spam challenges facing them.

 

The guys real name is Scott Phish. Someone else is phishing it as Scott Fish.

 

So why don’t the authorities crack down on phishing websites? Can’t you find the registrar and get the registrar to hand over the user’s account information? I mean this IS illegal, is there no one enforcing the law?

 

Whenever I see phishing sites, I report them to matrixwatch.com

I like their web 2.0 approach to fighting internet fraud.

 

UPDATE: I went to the matrix-watch website and found that this has already been reported and has three flags!

http://www.matrixwatch.com/

 

I received the following e-mail from

“password+flrcrd=f@facebookmail.com” this morning:

Hey Matt,

We have reset your Facebook account password for security reasons. You will need to use the link provided in this email to create a new, secure password for your account. In the future, please make sure that when you log in to Facebook, you always log in from a legitimate Facebook page with the facebook.com domain. To reset your password, follow the link below:”

OF COURSE I DON’T TRUST THE LINK. I E-mailed Facebook this morning, but have not yet heard back.

(My FaceBook password doesn’t work, that’s true.)

If this is a legitimate e-mail from FaceBook, I am appalled that Facebook thought it sufficient to write

“We have reset your Facebook account password for security reasons”,

with no more detail!!!

I am totally not a ‘techie’, but I wanted to share this with this group. If this kind of thing becomes widespread, I agree with marc e. above that:

“The best metric for when a social networking site has reached its apex within its site lifecycle is when the phishers and spammers target it.”

and that FaceBook will be obsolete by, say, Summer 2009…I’m most likely deleting my account, but right now, I can’t even get into it…

 

To clarify the above, I did not “reply” to the e-mail I received, for the very reason that it seemed suspicious. Rather, I forwarded it to two FaceBook addresses I knew were legitimate from past dealings (one being info@facebook.com).

Also, the time stamps on these TechCrunch posts must be Pacific time, because it’s 7:00 p.m. here in New York; FaceBook has had almost 10 hours to reply to me, and has not yet….

 

Matt,

You should report that link you received to MatrixWatch. Just copy/paste it into the “report a site” box.

 

Matt, I got the same link, turned out to be legit, just a really shitty method of doing it. I emailed Facebook for more info, I copied/pasted the actual hyperlink using right click / copy hyperlink just to be sure, then set my new password to be “phishingtest” just to be sure. But it logged me right into Facebook, then I went and changed it back to my old password, after restarting my browser and navigating to facebook.com. It’s legit, but a damn shitty email. I’m really shocked at it, and I have not had any weird security issues either.

 

Facebookmail.com and facebook.com are both domains owned by Facebook; do a WHOIS enquiry on either and you will see they are owned by the same company.

Still very odd they should reset the passwords. I think probably their backend has been broken into, but they are keeping it real quiet. We shall see.

 

Me and many of my friends here in Finland have received this same email.

 
