Phishing Scam Targeting Facebook Users

We’ve had two separate reader reports of a Phishing Scam targeting Facebook users.

The scam involves a notice appearing on the wall of user profiles as a message from a friend, saying “Hey, I got a new facebook account. Im going to delete this one, so add my new profile” then with a link that appears to be a link to the new profile. The actual link goes to a URL on view-facebookprofiles.com, a domain registered (and whois protected) on Namecheap and hosted at Softlayer that looks identical to the Facebook login page:

Users fooled into resubmitting their Facebook details on this page then have their Facebook accounts hijacked and all of their contacts receive a similar message, propagating the phishing scam.

It’s not clear yet exactly what the phishing scammers are planning on using the compromised accounts for, or how far it has spread. One tipper claimed that many of his friends had been caught as well.

This isn’t the first time we’ve seen phishing on Facebook, but certainly it could be the most well co-ordinated and widespread attack so far.

Obviously if you see a message in Facebook similar to this, it’s a trap! If you’ve been caught or have shots of this thing in action, send us an email or leave a comment.