Facebook phishing attacks seem to be a dime a dozen these days. The latest is oddly simple, but people are still falling victim to it. The subject line will be “Hello” and the body of the Facebook email will simply be the domain 151.im. This one is a bit odd because although it is not automatically hyperlinked in Facebook, some email clients, like Gmail, will auto-link it. Don’t click on that link and don’t copy and paste it into your browser.
Twitter search reveals that it’s just getting started, but sure enough, I just got an email from a friend telling me to go to 151.im. Apparently another one for 121.im is also just getting started. Don’t visit any of these number.im combinations.
We’ve alerted Facebook to the problem. Hopefully they’ll block it soon.
Update: Here’s the statement from Facebook:
We’re well aware of this and are already blocking links to these new phishing sites from being shared on Facebook. We’re also cleaning up phony messages and Wall posts and resetting the passwords of affected users. We think this is related to the fbaction.net/fbstarter.com campaign of a couple weeks ago. You can read more about how we respond to phishing in our recent blog post here: http://blog.facebook.com/blog.php?post=81474932130.
Interesting, so they think it’s related to the previous attack…
[Thanks Adam]
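A defender-side heuristic for the message shape described above (a short subject and a body that is little more than a bare, scheme-less domain), as an added example that is not code from this post or from Facebook. The function names, `KNOWN_HOSTS` and the thresholds are assumptions, and the sample messages are constructed, with the first four modeled on messages quoted on this page.

```python
import re

# Scheme-less hostname such as "151.im": the form some mail clients auto-link.
BARE_DOMAIN = re.compile(
    r"(?<![\w@/.-])((?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,})(?![\w.-])",
    re.IGNORECASE,
)
KNOWN_HOSTS = {"facebook.com"}  # assumption: hosts this deployment trusts
MAX_FILLER_WORDS = 2            # assumption: "Check ponbon.im" has one filler word
MAX_SUBJECT_WORDS = 3           # assumption: "Hello", "Do it now!"

# Constructed samples; the first four mirror messages quoted on this page.
SAMPLES = [
    ("Hello", "151.im"),
    ("Hello", "Check ponbon.im"),
    ("Do it now!", "Funny fulldig.im"),
    ("Hello", "“justfuns.in”"),
    ("Trip photos from last weekend", "I put the photos on example.org if you want to look"),
    ("Lunch", "Still on for noon? Details are on blog.facebook.com"),
]

def bare_domains(text):
    """Lower-cased hostnames that appear without a scheme (http://...) in text."""
    return [m.group(1).lower() for m in BARE_DOMAIN.finditer(text)]

def is_known(host):
    return any(host == k or host.endswith("." + k) for k in KNOWN_HOSTS)

def score_message(subject, body):
    """Flag a message whose body is an unknown bare domain plus at most a word or two."""
    hosts = [h for h in bare_domains(body) if not is_known(h)]
    # Words left once domains are removed; punctuation-only tokens are ignored.
    filler = [w for w in BARE_DOMAIN.sub(" ", body).split()
              if any(c.isalnum() for c in w)]
    flag = bool(hosts) and len(filler) <= MAX_FILLER_WORDS
    reasons = []
    if flag:
        reasons.append("body is little more than a domain")
        if any(h.split(".")[0].isdigit() for h in hosts):
            reasons.append("all-numeric label")
        if len(subject.split()) <= MAX_SUBJECT_WORDS:
            reasons.append("short generic subject")
    return {"flag": flag, "hosts": hosts, "reasons": reasons}

def flagged_hosts(samples):
    """Sorted hosts from every flagged (subject, body) pair, for review or blocking."""
    hits = (score_message(s, b) for s, b in samples)
    return sorted({h for r in hits if r["flag"] for h in r["hosts"]})
```

The heuristic keys on the message shape rather than on a fixed domain list, so it also covers the non-numeric variants readers report in the comments.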








Seriously! This has been spreading wayyy too viral!
p.s. mashable beat you guys on the scoop : P
I just got 2 msg with anything that has 2 .im links on it.
ANYTHING THAT HAS .IM on it don’t click!!
I clicked on it, but Safari came up with a screen saying it was potentially harmful to my mac so I closed it out.
Just by clicking on it, it can get into my account (I was signed in to Facebook at the time)?
What will happen if I click them?
Shanky if you click the link it will take you to a page that looks exactly like Facebook’s login. When you type in your facebook login details, the hacking site gets your username and password for Facebook and then redirects you to Facebook so you would have no idea your creds are compromised.
Really phishing scam. I checked these given URLs but showing Facebook phishing scam with Google warning.
If it’s just a phishing scam, how is it showing up as a message in my facebook inbox?
I am guessing that once they have logins to people’s accounts they use those accounts to send more messages.
If you got hit by this, just change your password and you will be fine.
It’s not just [number].im. One of my facebook friends’ accounts blasted out something with “Check ponbon.im” as the message (same subject of Hello).
I got this one. I replied to the message telling at least the people tagged that it was harvesting passwords.
I got one and clicked on the link, but didn’t do anything on the page. Am I safe, and if not, is there something I should be doing?
Shay, you should be fine, but change your password on Facebook to be safe.
I got a message with the .im link and I didn’t click on the link, but I did reply back to everyone warning them not to click on it cuz I figured it was a phishing scam. But one of my friends told me I also sent a .im message after I replied back. How the heck does that happen?
I guess we watch new viral marketing episode from Twitter economy
I love Bacardi 151. I got all excited because I thought MG was writing about it :p
Next time. Next time.
hahahah!
come on FB seriously, this is not hard to fix.
I highly doubt that this is a phishing scam — it looks a lot more like a CSRF attack (which means they do not have your password). Read up on Wikipedia about how it works. Twitter has been plagued by these in the past where messages get sent around virally like this.
nm — based on how Diwant said it works it is a phishing scam, seems surprising that people would fall for that…
Looking at the bottle it has to be from Captain Jack Sparrow.
On the SERIOUS note it indeed is a good drink.
i clicked the ‘Hello’ message title. and it opened up the message. the .im link wasn’t even clickable (i wouldn’t have clicked it anyway). was the ‘hello’ the virus? am i safe?
see how he worked Twitter into a Facebook story
Twitter Search is a useful tool for figuring out things exactly like this. Do you note when someone adds the link to a Google search in every post?
Not unless the person seems to have an unhealthy obsession with the service. I’m just saying you may wanna see a professional is all.
I care for you man, after all we been thru i gotta look out for ya.
151 shouldn’t be the first drink you have either… it isn’t very pleasant.
A friend of mine on facebook recently sent me the following message:
Subject: Hello
“justfuns.in”
This appears to be a related scam. How does this one work?
I got this but it wasn’t a number…
I received a message that said
Subject: Do it now!
Funny fulldig.im
I hope this isn’t the same thing… but I’m not clicking on it to try and find out
I got hit by this one because i clicked the link but nothing loaded. I walked away, and when i came back a few hours later, a facebook login page was up, so i logged in, and firefox asked me if i wanted to remember the password and i thought, “firefox already has my facebook passwor….doh.”
is there any news on this phishing scam using the info it gleans outside of facebook? like logging into people’s email accounts or anything?
Whatever the case… the sites don’t stay up long.
Firefox can’t find the server at http://www.151.im
Firefox can’t find the server at http://www.121.im
The one I got was except it was directed to “Check ponbon.im”. I ignored it.
So besides having access to your facebook page and sending out a buttload of emails to all your friends, what’s the value in harvesting all these login details?
the only thing this does is get your facebook password right? not give you a virus on your computer or anything? i clicked on one stupidly yesterday and now i feel like i have a virus on my computer! if it’s just the facebook thing then whatever, if it somehow gets access to other of my login info that would suck too, argh my stupidity for clicking on it!
I added your blog to bookmarks. And i’ll read your articles more often!