Rules & Announcements
Rules & Announcements

India-Forums

   

ALERT: New Facebook Phishing Attack (Beware)

vijay Admin Group
vijay
vijay

Site Admin
Joined: 09 December 2003
Posts: 6582

Posted: 24 May 2009 at 8:52am | IP Logged
Hi,

Lately I have been receiving several messages from my friends on Facebook asking me to visit some wierd domains like : picoband.be, silvertag.be, fcoder.at

And the message used to be like:


[Friend First Name] sent you a message.

Subject: Hello

"Check fcoder.at"

To reply to this message, follow the link below:
http://www.facebook.com/n/?inbox/readmessage.php&t=[some numbers]&mid=[some alphanumeric characters]


And I am sure many of us must have even clicked on it... but WAIT!!!! Its a phishing attack and not actually sent by your friend. To know more here is the news for you to know more about this:

Would request you all to forward this message to all your friends and make sure they do not click on these links and fall prey to it as this might lead to completely locking out your Facebook account forever.

Cheers,
Vijay


Facebook Falls Victim To Another Phishing Attack

Phishers use cryptic message to lure users into giving up their account information

May 22, 2009 | 03:58 PM

By Tim Wilson
DarkReading

Social networking site Facebook, which has been the target of several phishing and malware attacks during the past few months, is under the gun again.

Researchers at email and Web security service provider AppRiver on Thursday spotted a phishing exploit on Facebook that is spreading across the community. The phish enables hackers to steal logon and password data, as well as change end users' account information, effectively locking them out of their own accounts.

Security researchers at Cloudmark also have spotted the phishing attack.

The simple attack begins with an email message bearing the subject line "Hello," according to Fred Touchette, senior security analyst at AppRiver. The body of the message reads, "Check areps.at" The message then offers a Facebook link to reply to the message.

When users click on the link, they are brought to a fraudulent Facebook page that requests their account information and then routes them to their own Facebook page as it captures the login data, Touchette says. In some cases, the attackers use the login data to immediately change the users' passwords, effectively locking them out of their accounts.

In addition to areps.at, AppRiver has spotted the same attack coming from several other sources, including bests.at, brunga.at, kirgo.at, nutpick.at, and fcoder.at. These sources bypass some spam filters because they are not structured as full URLs, AppRiver researchers say.

The phishing attack is surprisingly simple and not particularly well-concealed, Touchette observes. For example, it doesn't require CAPTCHA authentication -- which Facebook usually does -- and the destination URL of the fraudulent login page does not contain the word "Facebook" -- which the real logon page does, he notes.

"We're not sure what the [phishers] were thinking, using such a simple attack and then locking users out of their accounts," Touchette says. "Usually, in more sophisticated [exploits] the attacker would quietly maintain access to the account for as long as possible, rather than tipping off the victim."

Both AppRiver and Cloudmark researchers say they expect to see more such attacks on Facebook because of its popularity and the site's viral nature of communications, which makes it easy for attacks to spread.

"Phishing and spam will continue to increase on social networks as users migrate large portions of their Internet activity, such as email, to these properties," says Adam O'Donnell, Cloudmark's director of emerging technologies. "Finding a cost-effective mechanism for remediating phished accounts is now a priority for Facebook and other social network sites. They need to figure out how to reset these people's passwords and contact them without priming their user population for an email-based phishing attack."

Source: http://www.darkreading.com/securityservices/security/attacks/showArticle.jhtml?articleID=217600699


A very simplistic Facebook phishing attack is spreading through the popular social network, says AppRiver senior security analyst Fred Touchette.

It arrives as a Facebook message titled "Hello," and has been asking recipients to "Check areps.at" or "Check bests.at" At least two USA TODAY reporters received these bogus messages this morning.

If you click on the hyperlink it will take you to a fake Facebook login page, where you will be prompted to type your username and password. If you're gullible enough to click to the fake page and type in your credentials, your password will be changed, and you'll be locked out of your account, says Touchette. The bad guys will then use your account to replicate the attack to everyone on your friends list, he says.

Since Facebook requires anyone who sends a message containing a hyperlink to first solve a captcha puzzle, these bad guys evidently are retaining captcha solvers to get their attack moving. This elementary phishing attack underscores two points: it remains cheap and easy for crooks to use botnets to automate phishing attacks; and there's profit in getting even a tiny percentage of recipients to fall for even the crudest of ruses.

"I'm willing to bet these people are jumping on the bandwagon and trying to take advantage of all the Facebook activity," says Touchette. "It's very curious that they lock out the user, which throws up a red flag. They certainly don't have to do that."

Word just arrived from AppRiver that the bad guys, in an effort to stay one step ahead of spam filters, have begun directing message recipients to fake login pages at these links: brunga.at, kirgo.at, nutpic.at, and fcoder.at.

Source: http://blogs.usatoday.com/technologylive/2009/05/phishing-attack-spreads-through-facebook.html



The following 2 member(s) liked the above post:

-Swetha-KiranSD1

aish_punk IF-Sizzlerz
aish_punk
aish_punk

Joined: 11 January 2008
Posts: 20622

Posted: 24 May 2009 at 8:58am | IP Logged
hey thnx vijay for sharing..i heard abt dis too..will be careful nxt time..! Smile
Siddhi_ IF-Sizzlerz
Siddhi_
Siddhi_

Joined: 27 January 2007
Posts: 22115

Posted: 24 May 2009 at 9:02am | IP Logged
OMG!! Thanks for letting us know.. :D
Asherkibiwi Coolbie
Asherkibiwi
Asherkibiwi

Joined: 23 January 2009
Posts: 12803

Posted: 24 May 2009 at 9:04am | IP Logged
thanku so much
-Nadii- IF-Veteran Member
-Nadii-
-Nadii-

Joined: 29 August 2005
Posts: 23076

Posted: 24 May 2009 at 9:07am | IP Logged
Thanks for letting us know.. I have stopped clicking on links I don't know.
-Ami- IF-Stunnerz
-Ami-
-Ami-

Joined: 05 March 2007
Posts: 26229

Posted: 24 May 2009 at 9:09am | IP Logged
Oh! Thanks for letting us know. I hadn't really even known this yet.
amz1990 IF-Sizzlerz
amz1990
amz1990

Joined: 08 October 2007
Posts: 11692

Posted: 24 May 2009 at 9:10am | IP Logged
i have something on my computer saying malware catcher 2009 i checked its some kind of thing that wants me to buy this software but its bogus
Cute_Ash IF-Stunnerz
Cute_Ash
Cute_Ash

Joined: 07 October 2008
Posts: 29872

Posted: 24 May 2009 at 9:13am | IP Logged
Thanks a lot for letting us no!

Go to top

Related Topics

  Topics Author Replies Views Last Post
Like A Post ? Share with Facebook Friends

2 3 4 5

Author: vijay   Replies: 33   Views: 13542

vijay 33 13542 11 September 2008 at 11:08pm by dreamer_dreams
Alert: Hacking attempt on India-Forums

2 3 4 5 6 7 8

Author: vijay   Replies: 61   Views: 5643

vijay 61 5643 30 July 2008 at 9:07am by flute
ALERT:Mysterious Entry Into India Forums!

2 3 4 5 6 7 ... 10 11

Author: Diva   Replies: 85   Views: 6487

Diva 85 6487 13 March 2006 at 11:19pm by shrutibali

Forum Quick Jump

Forum Category / Channels
Forums

Disclaimer: All Logos and Pictures of various Channels, Shows, Artistes, Media Houses, Companies, Brands etc. belong to their respective owners, and are used to merely visually identify the Channels, Shows, Companies, Brands, etc. to the viewer. Incase of any issue please contact the webmaster.

Popular Channels :
Star Plus | Zee TV | Sony TV | Colors TV | SAB TV | Life OK

Quick Links :
Top 100 TV Celebrities | Top 100 Bollywood Celebs | About Us | Contact Us | Advertise | Forum Index