Facebook Phishing

You might be seeing something on your Facebook wall today: Sadly, it’s not a fun video. It’s just a phish. The link goes to apps. facebook.com/ lookatuhah, which then redirects to a phishing site: In other words, if you’re absent-minded enough to enter your credentials again, they will be used to then send more of these stupid fake videos posts to others — or do any of a number of other rather nefarious things. ...

CNet: The latest security fiasco on Facebook’s application platform may involve business pages rather than personal accounts: Sendible, a company that makes software for businesses to manage accounts and presences on various social-media services, looked like it was hit by a virus or hacker on Tuesday afternoon: TechCrunch pointed out that Sendible-managed brand pages on Facebook appeared to be posting malicious links. Now Sendible’s claiming it wasn’t their fault. “Just to clarify, Sendible was not hacked,” the company posted to its Twitter account. “One of our users has discovered a major flaw in Facebook’s security.” Sendible’s Twitter account then quoted the user in question, who said, “i wanted to post only on a few Facebook walls as a fan – and for some reason, posted as the page Owner. weird,” and Sendible added “This appears to be a bug in Facebook’s API as the posts should have been displayed as the user profile and not the page owner.” ...

Currently a new likejacking-attack is running on Facebook. If a user clicks on the link of a friend which is reads “I Will NEVER TEXT Again After Seeing THIS!! on CLICK HERE TO SEE.”, she or he will automatically “like” that link too due to some clever scripting on the attacking website. A second like-link says “This American GUY must be Stoned to Death for doing this to a GIRL (NO SURVEYS)! … on CLICK HERE TO SEE.”. This is another variant of the same likejacking-attack. ...

The information being transmitted is one of Facebook’s basic building blocks: the unique “Facebook ID” number assigned to every user on the site. Since a Facebook user ID is a public part of any Facebook profile, anyone can use an ID number to look up a person’s name, using a standard Web browser, even if that person has set all of his or her Facebook information to be private. For other users, the Facebook ID reveals information they have set to share with “everyone,” including age, residence, occupation and photos. ...

How does one say in French: “We’re gonna make an example out of you, boy” The Toronto Sun is reporting that convicted spammer Adam Guerbuez of Montreal has been ordered to pay $1 billion to Facebook by Quebec Superior Court. The court was upholding a U.S. Federal court fine that resulted from a wave of four million spam ads sent to Facebook users in 2008. Guerbuez did not contest the Sept. 28 Quebec Superior Court ruling. ...

We have started to see again a large increase in the amount of emails pretending to come from Facebook. There are two types of emails which are being sent in large amounts currently. Both of them use classical types of social engineering techniques. The first type is using the old trick with “the photos”. The final target is a website where SMSes can be sent for “free” (note the quotes). I would like to emphasize again that there is nothing out there for free. Even if you don’t pay for it, those who offer the service (or whatever is given for “free”) do get something in exchange. It might be your telephone number, your email address or something similar which is worth a lot on the Internet. ...

One of the most common scenarios we observe on a daily basis are users coaxed into phishing campaigns and malicious applications on Facebook. As we interact with our friends and family on social networks, we tend to trust of any and all of the information that appears to be from our “trusted network.” However, Facebook is one of the most trolled social networks by cyber criminals. They are waiting for you to make a mistake and once you make it, they will be sure to hack you and exploit your friends trust through your newly hacked account. ...

Here’s one of the latest Facebook phish attempts: videos of “beautifull” girls: It might look like the Facebook login page, but, check out the URL. I don’t think you want to log in to Facebook there.

Even Facebook board members are not immune to phishing attacks. On Saturday, Jim Breyer of Accel Partners became the latest victim when his account was used to send a spam message to more than 2,300 friends. The message in question (see below) came in the form of an event invitation reading, “Would You Like a Facebook Phone Number?” and included an RSVP link. The phishing scam prompted individuals who clicked on the faulty link to enter their login credentials, which then caused their accounts to be hacked in the same manner. ...