New Facebook Phishing Scam Harvests Passwords

The ruse uses a recently announced messaging product that gives Facebook users an opportunity to own an @facebook.com e-mail address as a lure.

By Kara Reeder | Posted Mar 11, 2011
M86 Security is warning of a new Facebook phishing scam that attempts to harvest log-in credentials, reports v3.co.uk.

According to an M86 blog post, the ruse uses a recently announced messaging product that gives Facebook users an opportunity to own an @facebook.com e-mail address as a lure. The scam tries to trick users into registering for an @facebook.com e-mail address before someone else gets it, but doing so lets attackers gather log-ins and passwords for the site. M86 explains:

The bit.ly link redirects users to a Facebook App (apps.facebook.com/xxxxxpage), which contains an iFrame that points to a compromised site that is hosting the phishing page ... Once a user clicks Next, their information is sent off to the phishers, their accounts are hijacked immediately and their Facebook status is updated to try to scam their friends/family.

M86 suggests that users visit Facebook's "Account Security" section and select the options that will notify them when a new computer or mobile device has logged into their Facebook account.
