Yesterday we wrote about the fbaction.net phishing scheme. As of today the site has been blocked but now a new site is replacing the old version and it’s called fbstarter.com. Apparently the spammers are pretty aggressive in their campaign to get Facebook users’ email addresses and passwords. While Facebook is going after the spammers, this most recent set of spammers appears to be quick to set up new sites.
We’re guessing that this site will be down just as quickly as the last one but it’s no doubt a serious issue for Facebook. Facebook has had a number of ongoing spam battles including spam applications and the recent Koobface virus which was eventually defeated thanks to the help of Microsoft. There’s no public estimates of how many users have been affected by these phishing scams but with the number of emails we’ve been receiving, I’d guess it has to be in the millions.
This scam is not much different than the last which leads us to believe it’s the same person. I ran a couple tests to see if we could figure out if the source was the same. The two domains fbaction.net and fbstarter.com appear to be registered with different companies but that’s about all we know. When I ran an “nslookup” command, fbaction.net returned no valid response.
The current scam appears to be hosted in Latvia and the previous domain referenced an easter European location as well so there’s a very good chance the two are linked. Aside from that we have no further information on this latest scam. Make sure not to click on links to “fbstarter.com”!
![[Inside Social Apps 2012]](http://www.allfacebook.com/wordpress/wp-content/themes/allfacebook2/images/ISA2012_336x100_F_RegisterNow.gif)
![[AllFacebook Stats: Facebook Analytics for Your Business]](http://www.allfacebook.com/wordpress/wp-content/themes/allfacebook2/images/stpro_allfacebookstats.gif)
![[How can Facebook change your business?]](http://www.allfacebook.com/wordpress/wp-content/themes/allfacebook2/images/FMB_A_MAY2011_336x100_F.gif)
I find it very reassuring that if you put your login info into either of these sites, they redirect you to Facebook, and Facebook (noticing the referrer) tells you you’ve been had, and offers to let you reset your password right away.
I also like the Firefox already blocks both those sites anyway.
By the way, I didn’t put my info into those sites. I do what I always do on Phishing sites: I put in fake email addresses and password.
Comment by Dan Jones — April 30, 2009 @ 3:00 pm
The increasingly boneheaded "updates" to Facebook GUI will soon render the site useless anyway. Perhaps the facebook team leaders should ditch their current strategists and hire the vlads in eastern Europe … the Eastern Europeans seem to understand how to make money.
Comment by OldFogie — May 2, 2009 @ 9:08 am