Comments on: Phishing Scam Targeting Facebook Users

By: Robert

Robert — Tue, 08 Apr 2008 00:43:42 +0000

yeah, i got the same last week and i clicked it. got hit a bit but then changed my password and deleted all applications and a lot of friends.

My msn was also being logged in from some other computer and it is no related but from a computer than had some software that recorded keystrokes. phisfing software in another country was the origin.

these ppl make online really fun!

By: Jeffrey

Jeffrey — Sat, 05 Apr 2008 18:41:22 +0000

I got one of these messages on my wall last night. It appeared to be coming from a friend. It stated (I have removed most of the address):

lisen she’s ma new friend add her up and give her a lil time as she is new here

her profile is at
http://www.facebook.com. . . .

I clicked the link and was directed to a login page, at which point Firefox warned me that it was a scam to get my information. I looked at the profile’s of a few other friends of my friend who had been scammed, and saw that very similar messages had been sent to some of them. I left warnings for a few of them about the scam. I tried clicking on the link in IE also, and found that IE does not warn that it is a scam. It’s a good thing I was using Firefox at the time.

By: SearchCap: The Day In Search, March 27, 2008

SearchCap: The Day In Search, March 27, 2008 — Fri, 28 Mar 2008 00:45:03 +0000

[...] Phishing Scam Targeting Facebook Users, TechCrunch [...]

By: Karen

Karen — Thu, 27 Mar 2008 23:26:50 +0000

All the information you would need to get a credit card or buy a car (maybe even get a passport) is on facebook. Full name, birthday, address… Where they work and phone numbers are just bonuses.

By: Jonathan Jordan

Jonathan Jordan — Thu, 27 Mar 2008 21:43:29 +0000

I think the idea too is that a lot of folks use the same password for multiple logins… so if they know your FB password, it is possible that will also be your email password or tied to other high value credentials.

By: Brill Pappin

Brill Pappin — Thu, 27 Mar 2008 20:11:45 +0000

@Don Jones

I’m Assuming that your at least as intelligent and observant as I am
I used to think the same way… so you keep thinking that way, and one will eventually get you as well…

I would really love to know if there is some sort of secret ninja society hunting these guys and shutting down their servers. Sign me up!

By: Brill Pappin

Brill Pappin — Thu, 27 Mar 2008 20:04:59 +0000

I’m ashamed to say that I was caught in this one, and I’m fairly vigilant about that sort of thing (fist time for everything).

Whats interesting was that the domain “view-facebookprofiles.com” was actually a front for another host (used an iframe) named join-today.net that when I search it is showing up in several different sites and has been around for at least 6 months. The actual path was join-today.net/face.

If you do a search for “join-today.net” you will find at least two or three others. The ISP that hosts join-today.net is in China and I can’t speak chinese… however if someone could get on the horn with them, you might be able to recover and at least terminate that host.

I did make a small attempt to find the hackers control script but I’m just not up on that technology… that was about 10 minutes after I got nailed. The though was that its going to be writing all that data to the server and if I could get in I could save a lot of people some headache by deleting the capture file.

By: sourceroot

sourceroot — Thu, 27 Mar 2008 19:50:31 +0000

I think they could fix this by monitoring the accounts that have updated the email address recently, then looking for the embedded links.

What I want to know is, why the even let you change the challenge question?

By: Adam O'Donnell

Adam O'Donnell — Thu, 27 Mar 2008 19:22:23 +0000

Like it or not, anything that is valued by an individual can be valued by an attacker. There are plenty of reasons to phish a social network account beyond retrieving the end-user e-mail account. Individuals a high value on their online presence, and will likely even pay money to retrieve a compromised account. Another use of the account is to generate spam and phishing targeted at the compromised account’s friends to further propagate the attack.

By: BEFORE i FORGET » FACEBOOK USERS BEWARE written by Simon Jones

BEFORE i FORGET » FACEBOOK USERS BEWARE written by Simon Jones — Thu, 27 Mar 2008 19:09:34 +0000

[...] TechCrunch are reporting the strange facebook scam which involves users being directed to a bogus facebook page and asked for their account details. The scam involves a notice appearing on the wall of user profiles as a message from a friend, saying “Hey, I got a new facebook account. Im going to delete this one, so add my new profile” then with a link that appears to be a link to the new profile. The actual link goes to a URL on view-facebookprofiles.com, a domain registered (and whois protected) on Namecheap and hosted at Softlayer that looks identical to the Facebook login page: [...]

By: AW

AW — Thu, 27 Mar 2008 18:54:55 +0000

I wouldn’t have fallen for this…

…because Firefox’s Phishing Alert immediately goes off when you visit the page.

Do people turn that feature off, or are most of the people being phish’d not using Firefox?

By: Simon Jones

Simon Jones — Thu, 27 Mar 2008 17:58:13 +0000

Agreed, DOS is NEVER EVER appropriate or legitimate.

By: I Am Not Posting To Spam My Blog

I Am Not Posting To Spam My Blog — Thu, 27 Mar 2008 10:56:55 +0000

The problem is that thanks to Facebook’s cackhanded attempt at turning us into unwilling PR slaves, plus the prevalence of application span, you’d be hard pressed to distinguish spam from a compromised account than something your real “friends” might send you.

As to the point of gaining access to a Facebook account, well, Jaymon wins the prize. Since a lot of people use the same passwords for their Facebook and email account, and your email address is also your Facebook login, you’ve got a free pass to go into their email account and start rooting around for bank details and password reminders.

By: Mapro Chang

Mapro Chang — Thu, 27 Mar 2008 09:37:33 +0000

Yeah, it’s exact the same as facebook. When first time I visit the site, I think it is the facebook. Thank you for warning. Whatever, facebook now is so popular that a lot of guys wanna make money from it. But how facebook make money except the ads.? I don’t see it….

By: Mark

Mark — Thu, 27 Mar 2008 09:35:28 +0000

DOS is never legit, fool. The site may be hosted on a shared ISP.
Personally I dont give a damn because Facebook is the hipster thing of the net, claiming to be something cool while it is actually more mainstream than anything.

By: Josh

Josh — Thu, 27 Mar 2008 08:11:25 +0000

The website doing the actual harvesting is join-today.net registered to a company in China. view-facebookprofiles.com is just an external frame.

By: Patty

Patty — Thu, 27 Mar 2008 07:11:32 +0000

Thanks for the warning…this looks like a great site for tech info!

By: DOS is legitimate

DOS is legitimate — Thu, 27 Mar 2008 05:52:20 +0000

In this instance, it’s appropriate to DOS the phishing site to ensure users won’t be able to get to the site. Maintain the DOS so that it will hurt the phishing site financially. At which time the host provider will have to get into the picture to take the site down and notify the owner. And of course the owner is not in the U.S. =) Must be from India or China. hahaha =)

By: Dave Johnston

Dave Johnston — Thu, 27 Mar 2008 05:13:38 +0000

Facebook is awful. Can we just admit that already? I went through all this before with Myspace in 2005. Learn how to build your own site. Write some clever code, it takes a couple of hours to learn.

By: Warren Benedetto

Warren Benedetto — Thu, 27 Mar 2008 05:12:56 +0000

Don’t forget that plenty of people put a TON of personal info in their Facebook account: email addresses, cell phone numbers, home addresses, plus all that juicy demographic stuff like gender, relationship status, etc.

These phishing sites not only get your contact info for various types of spam, but they can then offer detailed demographics to their shady penile enlargement customers, to better target spam, telemarketing, etc.

And, of course, @kevin is right too.

By: Dan Jones

Dan Jones — Thu, 27 Mar 2008 05:12:35 +0000

Sometimes I feel like the people who fall for these things got what they had coming. If they’re not smart enough to look at the address bar before submitting info, maybe they deserve to have their info stolen.

I know that’s not true, though, because my bicycle got stolen while I failed to lock it up. Same principle.

Oh well, people just need to learn to be more careful, and pay attention to what’s going on around them.

As a side note, whenever I see a phishing site like this, I like to give them fake information. Like an email address like youguysaredorks@geekville.us, and a password like IHopeYouGoToJail.

By: sean

sean — Thu, 27 Mar 2008 05:07:38 +0000

@kevin

yep, i received a message from an acquaintance who i do not regularly talk to last night — i thought he was just being dumb and spamming me.

here’s the message with no links, but the site appears to redirect you to wherever they want you to go (originally ringtones, now pharamacy):

“i think i already told you but incase you forgot, you gotta see all the thousands of ringtones over at http://www.******.com i just got 20 free from them into my phone and i plan on getting more, they got all the songs i ever wanted and best things is, they don’t rob your wallet for each song like the mobile provider does. they download right into your phone in seconds and best of all, no big nasty bill at the end of the month. be smart and save your money, hit them up now like i did at http://www.******.com”

By: kevin

kevin — Thu, 27 Mar 2008 04:59:06 +0000

Are you guys stupid?
Step 1: Phish accounts
Step 2: Create program to auto login to said account and post a ‘new link’
Step 3: Have said program run down the list of the thousands of accounts, Posting stuff like “OMG I CANT BELIEVE I ACTUALLY GOT A FREE IPOD!! CLICK HERE AND DO IT !!!”

Step 4: Profit

Get ready for captchas all over the place on facebook. (At least thats how it went down on myspace)

By: Gabe

Gabe — Thu, 27 Mar 2008 04:26:29 +0000

The scammers are building a massive and shadowy PokeNet. And now you’re in their sites, Duncan. Next time you log in, there will be a MegaPoke (poke*10^6) waiting for you!

By: Matt

Matt — Thu, 27 Mar 2008 04:21:21 +0000

facebook (and others) need to offer optional browser plugins for users… they can call them “security guards” that will establish an address bar color (?? something in the address bar) that only the user and the plugin know (facebook doesn’t even need to know, lest they accidentally publish it in an RSS feed or some other confounded blunder they manage to fall face first into). Not on the page, like the giraffe the bank shows you when log into your savings account, but in the address bar, like the security validation color we get on some browsers. I think there’s value in getting it ingrained in peoples minds that the only place you can trust is the address bar… if you were just logged in and all of a sudden being asked for your credentials again, be trained to notice the address bar is no longer blue (if thats the color you pick…). This “training” will eventually become a part of human evolution and people will be born to recognize a phishy URL.