dcsimg

New Facebook Phishing Scam Harvests Passwords

The ruse uses a recently announced messaging product that gives Facebook users an opportunity to own an @facebook.com e-mail address as a lure.

 By Kara Reeder | Posted Mar 11, 2011
Page of   |  Back to Page 1
Print ArticleEmail Article
M86 Security is warning of a new Facebook phishing scam that attempts to harvest log-in credentials, reports v3.co.uk.

According to an M86 blog post, the ruse uses a recently announced messaging product that gives Facebook users an opportunity to own an @facebook.com e-mail address as a lure. The scam tries to trick users into registering for an @facebook.com e-mail address before someone else gets it, but doing so lets attackers gather log-ins and passwords for the site. M86 explains:

The bit.ly link redirects users to a Facebook App (apps.facebook.com/xxxxxpage), which contains an iFrame that points to a compromised site that is hosting the phishing page ... Once a user clicks Next, their information is sent off to the phishers, their accounts are hijacked immediately and their Facebook status is updated to try to scam their friends/family.

M86 suggests that users visit Facebook's "Account Security" section and select the options that will notify them when a new computer or mobile device has logged into their Facebook account.

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter

By submitting your information, you agree that enterprisenetworkingplanet.com may send you ENTERPRISENetworkingPLANET offers via email, phone and text message, as well as email offers about other products and services that ENTERPRISENetworkingPLANET believes may be of interest to you. ENTERPRISENetworkingPLANET will process your information in accordance with the Quinstreet Privacy Policy.