NEWS FROM THE LAB - Friday, February 18, 2011

Another Facebook Phishing Scam Run Posted by WebSecurity @ 06:21 GMT

Phishing scams in Facebook. It's not new and it's not sophisticated. But they still catch the unwary and they're still happening now, with only minor tweaks in tactics.

At 2010's end, we saw a run of phishing links being sent around via the chat feature. We're seeing a new run at the moment. The following links are sent (from hijacked accounts) through chat messages and posts on the Walls of randomly selected friends:

  •  http://apps.facebook.com/dealscentral[...]/dsuguo[...]/
  •  http://apps.facebook.com/reallytimeto[...]/
  •  http://apps.facebook.com/backseatdriver[...]/
  •  http://apps.facebook.com/fishingfor[...]/

The links look as if they would go to an App, but they instead just take the user to pages that look like the real Facebook log-in page:

Facebook phishing chat February 2011

Facebook phishing chat February 2011

Obviously, those page URLs aren't legit.

Nothing fancy here, but stay alert and stay safe anyway. This looks to be a small run at the moment, and it would be nice if it died out quick. At time of writing, the first phishing link listed above is no longer active, but the others still work.

You can read more about phishing, or learn how to report a suspected scam, on Facebook's Security Page.