Phishers hit Facebook with scam messages

The attack tries to steal Facebook usernames and passwords

Facebook users were hit Wednesday with a phishing attack that tried to steal names and passwords from users of the popular social network.

In the attack, people are sent phoney e-mail messages, appearing to come from Facebook, that try to send them to a malicious Web site, Fbaction.net, which looks like a Facebook log-in page.

The Fbaction.net Web site was live Wednesday afternoon, but Facebook is working to blacklist the domain and hoping to have the site shut down, according to a Facebook spokesman.

"We are aware of this phishing domain and have already begun to take action," the company said in a statement.

"Our user operations team has blocked the domain from being shared on Facebook and is removing the content retroactively from any messages. They will also be resetting passwords of senders to remove access from an attacker. We're also reaching out to the ISPs to get information and will attempt to build a civil and/or criminal case against the owners."

Victims of the attack are being sent a message with the Subject line "Hello," that appears to come from a friend, according to TechCrunch, which first reported the attack. The message simply invites the victim to "Visit http://www.facebook.com/l/4253f;http://fbaction.net/".

That URL redirects the victim to the Fbaction.net Web site.

Victims of the phishing attack are given several warnings. The first comes when they click on the link in the original message and are redirected away from Facebook's Web site.

Another warning pops up after users enter their name and password on the phishing site and are redirected back to Facebook. This second warning advises victims to change their password.

The Fbaction.net Web site does not attack the victim's computer, but only tries to collect log-in information.

Criminals like to have this kind of information because computer users often have the same usernames and passwords on several Web sites. Hacked Facebook accounts are also useful for launching future attacks, security experts say.

Tags scamssocial networkingphishingFacebooksocial engineering

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?