In the last half hour I’ve received multiple emails from people about a new phishing scam making its way around Facebook. The service lures users to enter their information at a site FBAction.net which displays a false Facebook login page. Within a short amount of time, users that enter their email and password find that their password has been switched and all of their friends have been emailed from the account.
It’s not a very original phishing scam but it definitely works. One user told us that his “guard was down today” and he ended up entering his information. The result is that he can no longer log in to his account. Facebook has been fighting against phishing scams for a while now. Spammers end up hijacking users’ accounts and the posting random wall posts and sending out messages.
Within a short amount of time, millions of users have their accounts taken over. While users don’t end up with spyware installed on their system, they quickly lose access to their account. Facebook will have to stop this phishing scam quickly and then set up a page for users to get their account back. Often times users completely lose their accounts for falling victim to these phishing schemes.
Facebook is aggressive in policing spam as they’ve learned from MySpace where spam at one point rendered the site practically unusable. It has still been a challenging battle and has forced Facebook to invest a substantial amount of resources in to fighting spammers. Facebook has even filed (and won) lawsuits against some of the largest spammers.
With more than 200 million users, Facebook is an easy target for spammers. My guess is that we’ll see more of these in the near future. Did the FBAction.net phishing scam reach you yet?
Copycat Facebook Login Page From fbaction.net
Are you sure this isn’t a hoax in itself? Those float around FB too.
Well I’m glad to see that Firefox lists fbaction.net as a suspected web forgery.
I got a message about fbstarter.com. Is that phishing as well??
It’s still going today, but they’ve changed the website to http://www.fbstarter.com
An interesting development, compared to the more traditional phishing scams on banks. What’s the advantage for the scammers though? Do facebook users running facebook ads have credit card information that would then be accessible?
it is also fbstarter.com and the answer is YES, it has hit me!
I just received another one to fbstarter.com
Thanks - yes - amazing how one’s guard can go down when something arrives that is apparently from a trusted friend.
Today, my wife fell victim to such a phishing scam. There was a message on her wall that said something like “I was really drunk in this photo”, and the URL was something like http://urly.at/xxx (I forget what the xxx was), but if you click on that link, you end up at what LOOKS LIKE a Facebook login page, so one may assume there was a glitch and you got logged out by mistake, so you enter your email address and password. Well, now the phishers have your password, and for those people who use the same password for their email and their facebook, the phishers now have your EMAIL password as well.
lmfao if you guys get these kinds of scams means u have a bigger problems than facebook takeovers.