ALERT: New Facebook Phishing Attack (Beware)

Hi,

Lately I have been receiving several messages from my friends on Facebook asking me to visit some wierd domains like : picoband.be, silvertag.be, fcoder.at

And the message used to be like:

[Friend First Name] sent you a message.

Subject: Hello

"Check fcoder.at"

To reply to this message, follow the link below:
http://www.facebook.com/n/?inbox/readmessage.php&t=[some numbers]&mid=[some alphanumeric characters]

And I am sure many of us must have even clicked on it... but WAIT!!!! Its a phishing attack and not actually sent by your friend. To know more here is the news for you to know more about this:

Would request you all to forward this message to all your friends and make sure they do not click on these links and fall prey to it as this might lead to completely locking out your Facebook account forever.

Cheers,
Vijay

Facebook Falls Victim To Another Phishing Attack

Phishers use cryptic message to lure users into giving up their account information

May 22, 2009 | 03:58 PM

By Tim Wilson
DarkReading

Social networking site Facebook, which has been the target of several phishing and malware attacks during the past few months, is under the gun again.

Researchers at email and Web security service provider AppRiver on Thursday spotted a phishing exploit on Facebook that is spreading across the community. The phish enables hackers to steal logon and password data, as well as change end users' account information, effectively locking them out of their own accounts.

Security researchers at Cloudmark also have spotted the phishing attack.

The simple attack begins with an email message bearing the subject line "Hello," according to Fred Touchette, senior security analyst at AppRiver. The body of the message reads, "Check areps.at" The message then offers a Facebook link to reply to the message.

When users click on the link, they are brought to a fraudulent Facebook page that requests their account information and then routes them to their own Facebook page as it captures the login data, Touchette says. In some cases, the attackers use the login data to immediately change the users' passwords, effectively locking them out of their accounts.

In addition to areps.at, AppRiver has spotted the same attack coming from several other sources, including bests.at, brunga.at, kirgo.at, nutpick.at, and fcoder.at. These sources bypass some spam filters because they are not structured as full URLs, AppRiver researchers say.

The phishing attack is surprisingly simple and not particularly well-concealed, Touchette observes. For example, it doesn't require CAPTCHA authentication -- which Facebook usually does -- and the destination URL of the fraudulent login page does not contain the word "Facebook" -- which the real logon page does, he notes.

"We're not sure what the [phishers] were thinking, using such a simple attack and then locking users out of their accounts," Touchette says. "Usually, in more sophisticated [exploits] the attacker would quietly maintain access to the account for as long as possible, rather than tipping off the victim."

Both AppRiver and Cloudmark researchers say they expect to see more such attacks on Facebook because of its popularity and the site's viral nature of communications, which makes it easy for attacks to spread.

"Phishing and spam will continue to increase on social networks as users migrate large portions of their Internet activity, such as email, to these properties," says Adam O'Donnell, Cloudmark's director of emerging technologies. "Finding a cost-effective mechanism for remediating phished accounts is now a priority for Facebook and other social network sites. They need to figure out how to reset these people's passwords and contact them without priming their user population for an email-based phishing attack."

Source: http://www.darkreading.com/securityservices/security/attacks/showArticle.jhtml?articleID=217600699

A very simplistic Facebook phishing attack is spreading through the popular social network, says AppRiver senior security analyst Fred Touchette.

It arrives as a Facebook message titled "Hello," and has been asking recipients to "Check areps.at" or "Check bests.at" At least two USA TODAY reporters received these bogus messages this morning.

If you click on the hyperlink it will take you to a fake Facebook login page, where you will be prompted to type your username and password. If you're gullible enough to click to the fake page and type in your credentials, your password will be changed, and you'll be locked out of your account, says Touchette. The bad guys will then use your account to replicate the attack to everyone on your friends list, he says.

Since Facebook requires anyone who sends a message containing a hyperlink to first solve a captcha puzzle, these bad guys evidently are retaining captcha solvers to get their attack moving. This elementary phishing attack underscores two points: it remains cheap and easy for crooks to use botnets to automate phishing attacks; and there's profit in getting even a tiny percentage of recipients to fall for even the crudest of ruses.

"I'm willing to bet these people are jumping on the bandwagon and trying to take advantage of all the Facebook activity," says Touchette. "It's very curious that they lock out the user, which throws up a red flag. They certainly don't have to do that."

Word just arrived from AppRiver that the bad guys, in an effort to stay one step ahead of spam filters, have begun directing message recipients to fake login pages at these links: brunga.at, kirgo.at, nutpic.at, and fcoder.at.

Source: http://blogs.usatoday.com/technologylive/2009/05/phishing-attack-spreads-through-facebook.html

hey thnx vijay for sharing..i heard abt dis too..will be careful nxt time..! 😊

i have something on my computer saying malware catcher 2009 i checked its some kind of thing that wants me to buy this software but its bogus

Thanks a lot for letting us no!

Thanks alot for sharing Vijay =)

thanks... i too dont open the links now