New Wave Of Spam Spreads On Facebook Through Chat & Messages

Now that Facebook has 500 million users, it’s also a big juicy target for phishing and spam. Recently, a new wave of spam messages and chat messages has been flooding the site, and the volume has only surged in the past few days.

What do I mean by phishing? Most AllFacebook readers would be familiar with the term but for those who aren’t, I’m referring to fake emails that try to trick people into revealing their log-in details. Internet banking is a common target for this sort of social engineering hacking and I’ve also seen versions for Amazon and eBay.

Lately I’ve been receiving a lot of emails – which Gmail, to its credit, is mostly filing straight to the spam bin – purporting to be private messages from people on Facebook. The emails are very professionally constructed and probably entirely convincing for someone less cynical than me.

Sometimes spam and phishing attempts give themselves away with dodgy spelling or unprofessional layouts but in this case the emails look exactly like real private messages from Facebook. There are a few clues that all is not as it seems. Firstly, I don’t recognize the name of the person purportedly sending the private message – not a clincher, since you can send PMs to people you are not yet friends with. Secondly, the email “to” field does not contain my email address. Thirdly, the message field is empty – which is probably deliberate, to prompt people to go to the site to read it. Fourthly, if I actually bothered to check my Facebook account, the messages do not appear in the Facebook system, only in email.

All of this made me immediately suspicious so I investigated further. I found that when I hovered my mouse over what purports to be the link to Facebook, the URL displayed was http://www.feetspicy.com. However, I doubt that this is a step that the average Facebook user would take. The only other clue is in the sheer volume. While I might occasionally receive a private message from an unknown Facebook user, 16 of them in two days definitely gets my warning antennae twitching.
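The header and link clues above can be checked automatically. The following is an added example, not part of the original article: it parses a constructed sample message and flags a "to" field that lacks the recipient's address and a link whose visible text names Facebook while its real destination is another host. The function name `check_message`, the sample addresses and the sample HTML are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample, not a real capture; the addresses are made up.
SAMPLE = """\
From: Facebook <notification@example.invalid>
To: someone.else@example.invalid
Subject: You have a new private message
Content-Type: text/html

<p>A stranger sent you a message.</p>
<a href="http://www.feetspicy.com">Go to Facebook</a>
<a href="https://www.facebook.com/help">Facebook Help</a>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_message(raw, my_address, brand="facebook.com"):
    """Return a list of findings for the clues described in the article."""
    msg, findings = message_from_string(raw), []
    to = [addr.lower() for _, addr in getaddresses(msg.get_all("To", []))]
    if my_address.lower() not in to:
        findings.append("recipient address not in To header")
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        on_brand = host == brand or host.endswith("." + brand)
        # Link text claims the brand, but the real destination is elsewhere.
        if host and not on_brand and brand.split(".")[0] in text.lower():
            findings.append(f"link text {text!r} points to {host}")
    return findings
```

Calling `check_message(SAMPLE, "me@example.com")` returns both findings for the constructed message; the genuine `facebook.com` link in the same message is not flagged.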

If you are Facebook friends with some less techie types – your aunt Ethel perhaps – then you might want to warn them. In this case, it appears to be straightforward spam rather than phishing. In the interests of research, I went to the feetspicy.com website and found it was advertising cheap pharmaceuticals for sale rather than prompting anyone to log into Facebook. But next time that might not be the case and it could result in people getting their accounts compromised.

No wonder Facebook has just joined the board of directors of the Messaging Anti-Abuse Working Group. As many users have also noticed, numerous chat messages are flooding the site, offering free iPhones. Fortunately, Facebook is aggressively filtering many of these pages and alerting users that the pages may be abusive; however, that isn’t preventing the scammers from sending them.

We’re assuming that the volume of the messages on Facebook itself would die down as the site steps up its preventive measures, although this would not stop phishing spammers from targeting people via email. Given the various types of spammy messages floating around on and off the site, it seems likely that numerous accounts have been successfully phished and hacked. If you see messages like the ones pictured below or above, do not respond or click on them as some of them might result in the spam attack continuing to spread.


13 Comments »

  1. omg.. we must not be fooled.. :D

    Comment by Joanna Chingroa — August 20, 2010 @ 7:01 am

  2. really ?!

    Comment by Ted Mraz — August 20, 2010 @ 7:10 am

  3. How are emails that pretend to be from Facebook "spreading on Facebook"? How would Facebook's preventative measures keep such emails from being sent? Do you have any idea what you're talking about?

    Comment by David — August 20, 2010 @ 7:40 am

  4. Hey David – you are so right! You should start a blog about all the information you know! Of course you forgot that chat was part of the title of the article – maybe it didn't go into as much detail but it's definitely part of the problem as once people get "phished" by e-mail then they can log into Facebook and send the chat message just like the one displayed – I figured that out by reading this article – If you read the whole article in its context, you see that the "preventative" measures part comes after the "As many users have also noticed, numerous chat messages are flooding the site, offering free iPhones." part.

    I look forward to subscribing to your blog because I'm sure it will be much better than this one. Send me your URL – can't wait!

    Here's a better idea – cut and paste the last line of your reply into some program like photoshop that lets you reverse an image, print it out really big, hold it up in front of a mirror and see the question asked in the glass!

    Comment by Warren Michaels — August 20, 2010 @ 9:18 am

  5. @David I didn't write the headline, though of course chat takes place on Facebook. To address your other point, I believe Facebook's industry efforts through MAAWG are designed to tackle all abusive messages, not just those sent through the Facebook system. That's the point of partnering with other organizations.

    Comment by Caitlin Fitzsimmons — August 20, 2010 @ 10:11 am

  6. Here's a solution. Set your privacy setting for messages to friends and networks, then disable chat. Who needs it; junk- as FB has become. Should have stayed college only.

    Comment by Guest — August 20, 2010 @ 7:14 pm

  7. I had a similar account, except someone had already hacked my friend's account. He sent me the message through that profile and directed me to a link I had assumed was a picture. It was a bit of ignorance on my part, but I clicked the link. It directed me to a login of, what I thought, was Facebook having me log in. While I was waiting for it to load, I caught the URL. Immediately, I went to my account to reset my password; no sign of a breach, so I think I was quick enough.

    Comment by Lackadaisical — August 27, 2010 @ 6:19 am

  8. was Facebook having me log in. While I was waiting for it to load, I caught the URL. Immediately, I went to my account to reset my password; no sign of a breach, so I think I was quick enough. my mane sophie deaf thank your days time .. anglais et french et espagnol ok bye

    Comment by sophie — August 27, 2010 @ 8:54 am

  9. well first off i never accept a friend request via email i always go directly to facebook! and anyone who sends me a link in the chat box i just close out! and if i am talking to someone and myself or them have a link for me to see they either post it in facebook inbox with our subject of chat and my email! i honestly think it was A BIG mistake on facebook to use our emails that upgrade SUX! it should be back to the way it was when i first started! facebook remains on facebook not facebook/email etc! JUST my OPINION!

    Comment by JD — August 31, 2010 @ 11:57 am

  10. [...] has recently been hit by waves of spam, through private messages, chats and status updates. However, this poll is focused [...]

    Pingback by Facebook polls users on spam — September 15, 2010 @ 2:10 pm

  11. This is true, I received an e-mail but it wasn't from FB even though it said it was.

    Comment by Lisa — January 20, 2011 @ 2:40 am

  12. This happened to me, I just deleted it and thought it was weird. Now i know why it was sent.

    Comment by Lisa — January 20, 2011 @ 2:41 am

  13. i wont to spam my boyfriend message cause he wont give me the password how do i do it…….

    Comment by tiquandra — June 23, 2011 @ 1:04 am
