New Phishing Attack Spreading On Facebook. This Time From FBstarter (Updated)

Yesterday a phishing scam spread across Facebook in the form of a message form a friend asking you to click on a link which took you to what appeared to be a Facebook login, but was actually at a different URL, http://fbaction.net. It was quickly blocked. But now there seems to be a new one linking to http://fbstarter.com/. It comes in the form of a message from a friend telling you to “Look at this!” When you click on the link, you are taken to what appears to be a Facebook sign-in page. If you go ahead and sign in, the phishers have access to your account and can then send messages to all of your friends.

I just got one of these messages. It looks like this:

Joshua sent you a message.

Subject: Look at this!

“fbstarter.com”

And fbstarter is hyperlinked.

If you do sign in by mistake, the best thing to do is to change your password as quickly as possible. Make sure you are signed into the real Facebook when you do that, however.

Again, it looks like this phishing attack is very successful. Right now “fbstarter” is the No. 1 hottest term on Google Trends.

I have alerted Facebook to this attack.

Update: Facebook is on the case. They just sent me this update:

We’ve already blocked www.fbstarter.com from being shared on Facebook. You’ve probably seen what this looks like but I’m including a screenshot. Now, we’re deleting that URL from walls and inboxes. We’ve also blocked access to the URL so if someone does find it on Facebook (on their wall, in their inbox, or in an email notification) it won’t send them to the destination. Finally, we’ll automatically reset the password on any account that sent the malicious link. Thus, the data becomes useless to the bad guys very quickly.

In addition, we work with MarkMonitor (they made an announcement today). We send them URLs and they get them added to the browser blacklists and work to get the sites taken down. I’ve included a screenshot of the warning from Firefox that resulted from their work on the phishing attack yesterday (fbaction.net). They got that site taken down, too. Today’s site (fbstarter.com) has been down most of the morning. MarkMonitor and Facebook are watching it closely, though.

bfstarter-block