Hackers and spammers have been using relatively similar tactics over the past few months to compromise Facebook user accounts. The most recent scam spreading on Facebook involves the use of hijacked user accounts for sending out chat messages with links to the standard Facebook phishing page. When the user clicks the link, they are sent to a fake Facebook login page and then redirected to the actual Facebook after their email and password has been stolen.
The system then automatically logs in with the user’s account and spams all their friends via chat. This form of phishing scam utilizes automated robots to perform these tasks on a large level. Facebook is known for aggressively pursuing phishers, scammers, and hackers. However once in a while new security vulnerabilities appear on Facebook. This is the latest one of those.
My guess is that Facebook will have this new security issue resolved relatively quickly as the offending site will be blocked and Facebook will set up a filter to remove the chat message. The chat message that we received stated: “ROFL this you?! http://3.ly/mZQ”. Had I not known that this is a standard scam, I could have easily been duped.
There’s no telling how many users have had their accounts compromised in this latest attack but if you want to protect yourself, make sure not to click on any questionable links sent by your friends via chat.
Thanks for the heads up Nick, Facebook is a breeding ground for this stuff because too many people simply click anything in front of them.
Nick
It Got me! Thanks for giving an explanation..
Most typical users will click on these links without thinking… Even experienced tech heads might fall for it.
I for one don’t love the huge growth in the number of URL shorteners, for exactly this reason. You can hide some pretty malicious links in them.
Users of Firefox should check out the Bit.ly Preview Extension. It pops up a small brown box over http://bit.ly URLs, showing the actual URL that has been shortened. I imagine other URL shorteners may have their own extensions, or maybe not.
Seems like previewing and checking out shortened URLs should be a function of the browser, or possibly security apps.
ok, so was phished or whatever… what do i do to fix the problem… like clear myaccount or something? reset it? any feedback would be appreciated.
Such indirect, vague messages are stupid. I’d never respond to them. People should change their passwords once in a while
Firefox also has another add-on that will show you a preview of all links so you can check all of the links your friends post before you click them, the Add-On is called Cool Previews. Check it out
Thank you,
I have already gotten multiple posts on my wall about
“seen this funny ass vid of you?”
“something about tonix or something”
AND THEY’RE ALL THE SAME LINK
i fell for it once, but thanks to firefox, it reported it as web forgery