Phishing Scam Targeting Facebook Users
by Duncan Riley on March 26, 2008

We’ve had two separate reader reports of a phishing scam targeting Facebook users.

The scam involves a notice appearing on the wall of user profiles as a message from a friend, saying “Hey, I got a new facebook account. Im going to delete this one, so add my new profile”, followed by a link that appears to lead to the new profile. The actual link goes to a URL on view-facebookprofiles.com, a domain registered (and whois protected) on Namecheap and hosted at Softlayer, which serves a page that looks identical to the Facebook login page.

Users fooled into resubmitting their Facebook details on this page then have their Facebook accounts hijacked and all of their contacts receive a similar message, propagating the phishing scam.

It’s not clear yet exactly what the phishing scammers are planning on using the compromised accounts for, or how far it has spread. One tipper claimed that many of his friends had been caught as well.

This isn’t the first time we’ve seen phishing on Facebook, but certainly it could be the most well co-ordinated and widespread attack so far.

Obviously if you see a message in Facebook similar to this, it’s a trap! If you’ve been caught or have shots of this thing in action, send us an email or leave a comment.
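A defender-side illustration, added here and not part of the original post: a small Python scanner that pulls links out of wall posts like the one quoted above and flags hosts that merely contain the brand name (as view-facebookprofiles.com does) or that point off-site entirely. The sample posts, paths and the two-label domain shortcut are constructed assumptions, not data from the page.

```python
import re
from urllib.parse import urlparse

# Constructed sample wall posts modelled on the lures quoted in the article
# and its comments; the domains are the ones the page names, the paths are
# placeholders.
SAMPLE_POSTS = [
    "Hey, I got a new facebook account. Im going to delete this one, so add my "
    "new profile http://view-facebookprofiles.com/profile.php?id=12345",
    "are these your profile pictures being featured on rubweep com. you gotta "
    "see it. http://rubweep.com/pics",
    "see you at the reunion http://www.facebook.com/event.php?eid=777",
    "nice photos! https://m.facebook.com/photo.php?fbid=1",
]

# Registrable domains that may legitimately host the login form.
LEGIT_DOMAINS = {"facebook.com"}
# Brand strings whose presence inside an unrelated host marks a look-alike.
BRAND_TOKENS = ("facebook",)

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def registrable_domain(host):
    """Assumed shortcut: treat the last two labels as the registrable domain.
    Adequate for the .com/.net lures discussed here; a real deployment would
    use a public-suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_url(url):
    """Return 'legit', 'lookalike' or 'external' for one link."""
    host = (urlparse(url).hostname or "").lower()
    if registrable_domain(host) in LEGIT_DOMAINS:
        return "legit"
    if any(token in host for token in BRAND_TOKENS):
        return "lookalike"   # brand name embedded in a domain the brand does not own
    return "external"        # off-site link; suspicious in a "see your pics" lure


def scan_post(text):
    """Return (url, verdict) pairs for every link found in a post."""
    return [(url, classify_url(url)) for url in URL_RE.findall(text)]


def flagged_posts(posts):
    """Posts carrying at least one look-alike or external link."""
    flagged = []
    for post in posts:
        verdicts = scan_post(post)
        if any(verdict != "legit" for _, verdict in verdicts):
            flagged.append((post, verdicts))
    return flagged


if __name__ == "__main__":
    for post, verdicts in flagged_posts(SAMPLE_POSTS):
        print(verdicts, "<-", post[:60])
```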

Comments

  • Hey, if this becomes common we already have a great name for the phenomenon: Farcebook sites!

    Thanks, I’m here all week :)

  • What malicious activity could someone do with your facebook log-in info?

    Aside from deleting your friends and messing with you.

    There’s no financial incentive, like there is with getting someone’s banking or paypal info.

    • A few days ago my password was changed and the scammers IM family & friends stating that you’re stranded and that you’re needing money to get home. The financial gain for scammers would come if your friend or family actually believed them. I was lucky, but some may not be so lucky. Beware of this! They’ll change your password and start deleting and insulting your friends and family.

  • It’ll still annoy people enough, just like it did with MySpace, and drive them away.

    Some people are just fucks.

  • It begins and now it will never stop. PayPal, ebay, and many many more have been slammed with phishing.

  • I wish Web browsers would do more to thwart this kind of stuff. Try *something* to help the average Internet user out. How about if an input tag of type password appears on a page that you’ve never submitted to before AND you navigated to the site by clicking on a link rather than typing in a URL, force a pop-up window that says “WARNING: You never sent your password to this site. Are you sure you want to continue?” And make the warning obnoxiously big.

  • probably the scam is to install some crappy facebook app to boost its stats

  • @Adam Hyman

    congrats on being security conscious. I’m glad you don’t use the same login credentials for multiple sites.

    But for some people, you get their facebook, you get their email. You get their email, you get their bank, etc…

  • I do not understand the popularity of facebook … Creators must be rich

  • facebook (and others) need to offer optional browser plugins for users… they can call them “security guards” that will establish an address bar color (?? something in the address bar) that only the user and the plugin know (facebook doesn’t even need to know, lest they accidentally publish it in an RSS feed or some other confounded blunder they manage to fall face first into). Not on the page, like the giraffe the bank shows you when you log into your savings account, but in the address bar, like the security validation color we get on some browsers. I think there’s value in getting it ingrained in people’s minds that the only place you can trust is the address bar… if you were just logged in and all of a sudden are being asked for your credentials again, be trained to notice the address bar is no longer blue (if that’s the color you pick…). This “training” will eventually become a part of human evolution and people will be born to recognize a phishy URL.

  • The scammers are building a massive and shadowy PokeNet. And now you’re in their sights, Duncan. Next time you log in, there will be a MegaPoke (poke*10^6) waiting for you!

  • Are you guys stupid?
    Step 1: Phish accounts
    Step 2: Create program to auto login to said account and post a ‘new link’
    Step 3: Have said program run down the list of the thousands of accounts, Posting stuff like “OMG I CANT BELIEVE I ACTUALLY GOT A FREE IPOD!! CLICK HERE AND DO IT !!!”

    Step 4: Profit

    Get ready for captchas all over the place on facebook. (At least that’s how it went down on myspace)

  • @kevin

    yep, i received a message from an acquaintance who i do not regularly talk to last night — i thought he was just being dumb and spamming me.

    here’s the message with no links, but the site appears to redirect you to wherever they want you to go (originally ringtones, now pharmacy):

    “i think i already told you but incase you forgot, you gotta see all the thousands of ringtones over at http://www.******.com i just got 20 free from them into my phone and i plan on getting more, they got all the songs i ever wanted and best things is, they don’t rob your wallet for each song like the mobile provider does. they download right into your phone in seconds and best of all, no big nasty bill at the end of the month. be smart and save your money, hit them up now like i did at http://www.******.com”

  • Sometimes I feel like the people who fall for these things got what they had coming. If they’re not smart enough to look at the address bar before submitting info, maybe they deserve to have their info stolen.

    I know that’s not true, though, because my bicycle got stolen while I failed to lock it up. Same principle.

    Oh well, people just need to learn to be more careful, and pay attention to what’s going on around them.

    As a side note, whenever I see a phishing site like this, I like to give them fake information. Like an email address like youguysaredorks@geekville.us, and a password like IHopeYouGoToJail.

  • Don’t forget that plenty of people put a TON of personal info in their Facebook account: email addresses, cell phone numbers, home addresses, plus all that juicy demographic stuff like gender, relationship status, etc.

    These phishing sites not only get your contact info for various types of spam, but they can then offer detailed demographics to their shady penile enlargement customers, to better target spam, telemarketing, etc.

    And, of course, @kevin is right too.

  • Facebook is awful. Can we just admit that already? I went through all this before with Myspace in 2005. Learn how to build your own site. Write some clever code, it takes a couple of hours to learn.

    • I love facebook because it allows me to network.. in one place I have, old friends, new friends, and the guy I met at the grocery story… It is a 21st century tool used to connect… and connection can be powerful.

  • DOS is legitimate - March 26th, 2008 at 10:52 pm PDT

    In this instance, it’s appropriate to DOS the phishing site to ensure users won’t be able to get to the site. Maintain the DOS so that it will hurt the phishing site financially. At which time the host provider will have to get into the picture to take the site down and notify the owner. And of course the owner is not in the U.S. =) Must be from India or China. hahaha =)

  • Thanks for the warning…this looks like a great site for tech info!

  • The website doing the actual harvesting is join-today.net registered to a company in China. view-facebookprofiles.com is just an external frame.

  • DOS is never legit, fool. The site may be hosted on a shared ISP.
    Personally I don’t give a damn because Facebook is the hipster thing of the net, claiming to be something cool while it is actually more mainstream than anything.

  • Yeah, it’s exactly the same as facebook. When I first visited the site, I thought it was facebook. Thank you for the warning. Whatever, facebook now is so popular that a lot of guys wanna make money from it. But how does facebook make money except from the ads? I don’t see it….

  • I Am Not Posting To Spam My Blog - March 27th, 2008 at 3:56 am PDT

    The problem is that thanks to Facebook’s cackhanded attempt at turning us into unwilling PR slaves, plus the prevalence of application spam, you’d be hard pressed to distinguish spam from a compromised account from something your real “friends” might send you.

    As to the point of gaining access to a Facebook account, well, Jaymon wins the prize. Since a lot of people use the same passwords for their Facebook and email account, and your email address is also your Facebook login, you’ve got a free pass to go into their email account and start rooting around for bank details and password reminders.

  • Agreed, DOS is NEVER EVER appropriate or legitimate.

  • I wouldn’t have fallen for this…

    …because Firefox’s Phishing Alert immediately goes off when you visit the page.

    Do people turn that feature off, or are most of the people being phish’d not using Firefox?

  • Like it or not, anything that is valued by an individual can be valued by an attacker. There are plenty of reasons to phish a social network account beyond retrieving the end-user e-mail account. Individuals place a high value on their online presence, and will likely even pay money to retrieve a compromised account. Another use of the account is to generate spam and phishing targeted at the compromised account’s friends to further propagate the attack.

  • I think they could fix this by monitoring the accounts that have updated the email address recently, then looking for the embedded links.

    What I want to know is, why do they even let you change the challenge question?

  • I’m ashamed to say that I was caught in this one, and I’m fairly vigilant about that sort of thing (first time for everything).

    What’s interesting was that the domain “view-facebookprofiles.com” was actually a front for another host (used an iframe) named join-today.net that when I search it is showing up in several different sites and has been around for at least 6 months. The actual path was join-today.net/face.

    If you do a search for “join-today.net” you will find at least two or three others. The ISP that hosts join-today.net is in China and I can’t speak Chinese… however if someone could get on the horn with them, you might be able to recover and at least terminate that host.

    I did make a small attempt to find the hackers’ control script but I’m just not up on that technology… that was about 10 minutes after I got nailed. The thought was that it’s going to be writing all that data to the server and if I could get in I could save a lot of people some headache by deleting the capture file.

  • @Don Jones

    I’m assuming that you’re at least as intelligent and observant as I am :)
    I used to think the same way… so you keep thinking that way, and one will eventually get you as well…

    I would really love to know if there is some sort of secret ninja society hunting these guys and shutting down their servers. Sign me up!

  • I think the idea too is that a lot of folks use the same password for multiple logins… so if they know your FB password, it is possible that will also be your email password or tied to other high value credentials.

  • All the information you would need to get a credit card or buy a car (maybe even get a passport) is on facebook. Full name, birthday, address… Where they work and phone numbers are just bonuses.

  • I got one of these messages on my wall last night. It appeared to be coming from a friend. It stated (I have removed most of the address):

    lisen she’s ma new friend add her up and give her a lil time as she is new here ;)

    her profile is at
    http://www.facebook.com. . . .

    I clicked the link and was directed to a login page, at which point Firefox warned me that it was a scam to get my information. I looked at the profiles of a few other friends of my friend who had been scammed, and saw that very similar messages had been sent to some of them. I left warnings for a few of them about the scam. I tried clicking on the link in IE also, and found that IE does not warn that it is a scam. It’s a good thing I was using Firefox at the time.

  • yeah, i got the same last week and i clicked it. got hit a bit but then changed my password and deleted all applications and a lot of friends.

    My msn was also being logged in from some other computer and it is not related but from a computer that had some software that recorded keystrokes. phishing software in another country was the origin.

    these ppl make online really fun!

  • i recently received a message in my inbox on facebook saying ha ha got you on camera. i then looked into my sent messages and realised this message had been sent to all my friends, and i later found out facebook had reset my password. to any other facebook users: if u get a message saying ha ha got you on camera or here is a video of u naked in bathroom, with typing errors, do not open, cause these will download viruses onto your computer

  • Hey I’ve just read about a scam on facebook. I was on facebook yesterday & saw a message that my brother had sent to my friend’s wall but it wasn’t my brother cause he was at work at that time! Please be careful

  • rubweep.com does a similar thing. it sends a message from one “friend” and writes on people’s walls.
    “are these your profile pictures being featured on rubweep com. you gotta see it.”
    then if you go to the site it says it detects pictures that have been put up, and if you want to delete them, input your name, the referee’s name and your email. be careful

  • I was told by a friend I am on rubweep but I can’t even get on the site to find it.

  • Wow thanks guys I just had this happen to me and googled rubweep.com without clicking the link just to see what my friend was talking about and this came up. You saved me!

  • Wow, this just happened to me and I googled rubweep and found this. Thanks for saving me from going further. What a crock. Some people cannot let others have fun without planning something evil.

  • I just received a post on my wall from a friend saying that my pics are all over rubweep.com…. Is this possible or is it some sort of virus, please help

  • Spammers want your facebook login so that they can get at your personal info, which they can then use to get to your bank accounts. What they do is they use your information on your facebook account to hack your passwords via the security questions option for changing said passwords, and then they’ve got you.

  • I have just been a victim of this annoying, devious and disturbing attack. There must be a way to promote this awareness to all facebook users, a way to restrict the virus from playing around with our status, and to restrict our privacy according to our accord. Such actions, primarily on the restriction of the viral spread, MUST be effective IMMEDIATELY! Whether it be through facebook sending a message or comment to everyone, or even creating a group and inviting all facebook users to join! The fact of the matter is that the word gets out and limits the spread of the virus and victimization.

  • yes. I am a facebook user and one day one of my friends wrote on my wall and she said that she saw my pics on rubweep.com and another one of my friends said that she saw my pics on a different website. I couldn’t figure out how they were able to see my pics from a different site until i looked up rubweep.com. I couldn’t believe how people who don’t have anything better to do with their lives phished into my info. Some people are just idiots and i hope these stupid people go to jail.

  • got a note from a friend saying my pic was on rubweep, can’t get on the site to see

  • my friend just had this happen to him. i got a message about my profile pics being on rubweep, im glad i looked it up before i went to the website. to anyone who reads this, DON’T GO TO RUBWEEP.COM, IT’S A SCAM TO GET YOUR INFO.

  • and also, to all facebook users. i have just created a group dedicated to early detection of these sites.

  • it’s called Phishing Website Early Detection

  • Hey there,
    I got one of the rubweep messages from a friend, a couple days later I got another but the word was humscream. Just watch out hey.

  • This was on my facebook page from a friend and I was confused!!!

    Carolina Pena wrote at 4:54pm
    Has anyone mentioned your photos are all over the website called rubweep
    Wall-to-Wall - Write on Carolina’s Wall

  • Kathleen Bailey - May 16th, 2009 at 6:34 pm PDT

    I have this problem. Mine does not include a personal message, just a request. I have one of these requests on my FB page right now that I have not deleted yet. Tried to post the following to my FB page but it would not take. Maybe they don’t like your link and want to panic anyone?

    “Please DO NOT accept any more friend requests without reading this first! click on title of this note to read the whole thing.

    I have been nearly caught by friend requests POSING AS friends of mine. DO NOT accept without confirming this person actually sent it. In my case it appears as a DUPLICATE of a request I have already received. But come to find out that friend DID NOT send it.

    One friend received a request from a friend of ours who has ALREADY PASSED AWAY. What they can do if they gain access is then gain control of your account and many of your friends’ accounts! One hint (so far) is there is no profile picture. Although some legitimate requests don’t have a profile picture, it should be a red flag for you to use caution. Especially DO NOT suggest OTHER friends, if you should accept a request, UNTIL you have confirmed that this IS the correct person inviting you!
    Read the following from http://www.techcrunch.com/2008.....ook-users/:

    (etc)
