Phishing For Facebook

I’m not sure what the bad guys want with a bunch of Facebook user account credentials, but phishing scams seem to be hitting the site. Scott Fish notes that some users are seeing Wall posts that contain links to phishing sites to gather Facebook credentials.

An example message is:

lol i cant believe these pics got posted….its going to be BADDDD when her boyfriend sees these- http://www.facebook.com.profile.php.id.371233.cn

Note that the URL in the quote above, which leads to what looks like a Facebook sign in page, is not Facebook. So if you visit the site (don’t), DO NOT enter your Facebook credentials or any other personal information.

Only your friends can add Wall posts on Facebook, so any posts linking to phishing sites are either from hacked accounts or else people have added the phishing guys as a friend.

This is a good candidate for PhishTank, an anti-phishing service created by OpenDNS.