Comments on: Phishing For Facebook

By: Tyler

Tyler — Tue, 02 Sep 2008 02:40:03 +0000

because they change your password after they phish. locking you out

By: Elaborate Facebook Worm Virus Spreading · ordaso.com

Elaborate Facebook Worm Virus Spreading · ordaso.com — Sat, 23 Aug 2008 13:59:12 +0000

[...] malware attacks to date have largely consisted of getting user credentials via phishing sites and then spreading spam and additional phishing attempts. But a new worm is disseminating through [...]

By: NSPRA Website | School Communications 2.0

NSPRA Website | School Communications 2.0 — Thu, 03 Jul 2008 15:49:32 +0000

[...] Phishing For Facebook [...]

By: Adwords phishing emails : Rafael’s Internet Marketing Blog

Adwords phishing emails : Rafael’s Internet Marketing Blog — Wed, 07 May 2008 11:55:15 +0000

[...] Phishing For Facebook [via Zemanta] [...]

By: Phishing Scam Targeting Facebook Users

Phishing Scam Targeting Facebook Users — Thu, 27 Mar 2008 05:33:44 +0000

[...] isn’t the first time we’ve seen phishing on Facebook, but certainly it could be the most well co-ordinated and [...]

By: Facebook Phishers, Spammers and Adware, Oh My « Social Media Marketing by Debra Aho Williamson

Wed, 23 Jan 2008 20:23:23 +0000

[...] Phishers, Spammers and Adware, Oh My It was bound to happen. Phishers are putting fake wall posts on Facebook profile pages. When you click the link, you’re redirected to a fake Facebook [...]

By: Ilkka Kauppinen

Ilkka Kauppinen — Mon, 14 Jan 2008 17:58:34 +0000

Me and many of my friends here in Finland have received this same email.

By: IcedEarth

IcedEarth — Mon, 14 Jan 2008 12:02:24 +0000

Facebookmail.com and facebook are both domains owned by facebook, do a WHOIS enquiry on either and you will see they are owned by the same company.

Still very odd they should reset the passwords, I think probably there backend has been broken into, but they are keeping it real quiet. We shall see.

By: Daniel Hellerman

Daniel Hellerman — Mon, 14 Jan 2008 08:11:34 +0000

Matt, I got the same link, turned out to be legit, just a really shitty method of doing it. I emailed facebook for more info, I copied/pasted the actual hyperlink using the right click / copy hyperlink just to be sure, then set my new password to be “phishingtest” just to be sure. But it logged me right into facebook then I went and changed it back to my old password, after restarting my browser and navigating to facebook.com. Its legit, but a damn shitty email. Im really shocked at it, and I have not had any weird security issues either.

By: ca » Blog Archive » Phishy Facebook

ca » Blog Archive » Phishy Facebook — Sat, 12 Jan 2008 23:07:26 +0000

[...] Phishy Facebook [...]

By: grey

grey — Thu, 10 Jan 2008 20:27:36 +0000

Matt,

You should report that link you received to MatrixWatch. Just copy/paste it into the “report a site” box.

By: matt

matt — Thu, 10 Jan 2008 00:13:18 +0000

to clarify the above, i did not “reply” to the e-mail i received, for the very reason it seemed suspicious. Rather, i forwarded it to two FaceBook addresses i knew were legitimate from past dealings (one being info@facebook.com)

also, the time stamps on these TechCrunch posts must be Pacific time, because it;s 7:00 p.m. here in New York; FaceBook has had almost 10 hours to reply to me, and has not yet….

By: matt

matt — Thu, 10 Jan 2008 00:03:14 +0000

I received the following e-mail from

“password+flrcrd=f@facebookmail.com” this morning:

Hey Matt,

We have reset your Facebook account password for security reasons. You will need to use the link provided in this email to create a new, secure password for your account. In the future, please make sure that when you log in to Facebook, you always log in from a legitimate Facebook page with the facebook.com domain. To reset your password, follow the link below:”

OF COURSE I DON’T TRUST THE LINK. I E-mailed Facebook this morning, but have not yet heard back.

(My FaceBook password doesn’t work, that’s true.)

If this is a legitimate e-mail from FaceBook, I am appalled that Facebook thought it sufficient to write

“We have reset your Facebook account password for security reasons”,

with no more detail!!!

I am totally not a ‘techie”, but i wanted to share this with this Group. If this kinf of thing becomes widespread, i agreee with marc e. above that:

“The best metric for when a social networking site has reached it’s apex within its site lifecycle is when the phishers and spammers target it.”

and that FaceBook will be obsolete by, say, Summer 2009…I’m most likely deleting mt account, but right now, i can’t even get into it…

By: Jason

Jason — Sun, 06 Jan 2008 21:53:49 +0000

UPDATE: I went to the matrix-watch website and found that this has already been reported and has three flags!

http://www.matrixwatch.com/

By: Jason

Jason — Sun, 06 Jan 2008 21:51:57 +0000

Whenever I see phishing sites, I report them to matrixwatch.com

I like their web 2.0 approach to fighting internet fraud.

By: john

john — Sun, 06 Jan 2008 02:45:29 +0000

so why don’t the authorities crack down on phishing websites. Can’t you find the registrar, get the registrar to hand over the user’s account information ? I mean this IS illegal, is there no one enforcing the law ?

By: williamhartz.com/blog » Blog Archive » Phishing on Facebook?

williamhartz.com/blog » Blog Archive » Phishing on Facebook? — Sat, 05 Jan 2008 19:33:57 +0000

[...] For more information on the Facebook Phishing, visit TechCrunch. [...]

By: Anatoly

Anatoly — Sat, 05 Jan 2008 05:18:06 +0000

The guys real name is Scott Phish. Someone else is phishing it as Scott Fish.

By: 3 de enero de 2008

3 de enero de 2008 — Fri, 04 Jan 2008 22:58:45 +0000

[...] Phishing en Facebook [...]

By: Nick O'Neill

Nick O'Neill — Thu, 03 Jan 2008 23:17:06 +0000

I actually posted about this yesterday:

http://www.allfacebook.com/200.....-facebook/

Facebook has some real spam challenges facing them.

By: Marc Evans

Marc Evans — Thu, 03 Jan 2008 19:48:11 +0000

The best metric for when a social networking site has reached it’s apex within its site lifecycle is when the phishers and spammers target it.

Facebook will be obsolete in 2 years.

The bot armies are on the march.

By: Marie

Marie — Thu, 03 Jan 2008 18:45:19 +0000

You would be surprised how many people give the same password to their facebook account as their email account ! If emails password are not easy to get out of you, a facebook phishing could be…
Not to mention the all informations that people entered about themselves (think maiden name !) and all…

People need to realize that the internet is not safe and start to educate themselves.

By: John Roberts

John Roberts — Thu, 03 Jan 2008 17:57:48 +0000

Someone entered that exact phish in the PhishTank database yesterday, and it was verified almost immediately.

http://www.phishtank.com/phish....._id=367676

We encourage anyone and everyone to submit examples to PhishTank. Once the community verifies, the free, high-quality data is used by OpenDNS, Yahoo Mail, Kaspersky Labs and many others.

John Roberts
OpenDNS

By: Mike

Mike — Thu, 03 Jan 2008 17:15:46 +0000

This literally JUST happened to me and the most annoying/frustrating part is that i hadn’t logged into facebook in days (min. 2-3) and i seemed to have been hit. I have never seen the phished site nor have i (or would i) ever input my info.

To Facebook’s credit, they automatically reset my password once they saw my account got hit. Just beyond frustrating.

By: David Litsky

David Litsky — Thu, 03 Jan 2008 16:44:38 +0000

It’s a side effect of an open network. The fewer checkpoints that there are in a system, the higher the chance that phishing and spam attempts will get through. Many of the webforums I frequent do an excellent job of maintaining the integrity of their communities through a mix of technical fixes and human moderation. I forsee that Facebook will start to add moderators to their service, similar to AOL when the chatroom phase started.

It’s an issue but I am not worried because I know that exactly 260 people plus a few choice applications can access my personal data. I am curious to see how many of these widget applications are really phishing attempts in disguise.