Rules & Announcements
Rules & Announcements
Rules & Announcements



ALERT: New Facebook Phishing Attack (Beware)

vijay Admin Group

Site Admin
Joined: 09 December 2003
Posts: 6781

Posted: 24 May 2009 at 8:52am | IP Logged

Lately I have been receiving several messages from my friends on Facebook asking me to visit some wierd domains like :,,

And the message used to be like:

[Friend First Name] sent you a message.

Subject: Hello


To reply to this message, follow the link below:[some numbers]&mid=[some alphanumeric characters]

And I am sure many of us must have even clicked on it... but WAIT!!!! Its a phishing attack and not actually sent by your friend. To know more here is the news for you to know more about this:

Would request you all to forward this message to all your friends and make sure they do not click on these links and fall prey to it as this might lead to completely locking out your Facebook account forever.


Facebook Falls Victim To Another Phishing Attack

Phishers use cryptic message to lure users into giving up their account information

May 22, 2009 | 03:58 PM

By Tim Wilson

Social networking site Facebook, which has been the target of several phishing and malware attacks during the past few months, is under the gun again.

Researchers at email and Web security service provider AppRiver on Thursday spotted a phishing exploit on Facebook that is spreading across the community. The phish enables hackers to steal logon and password data, as well as change end users' account information, effectively locking them out of their own accounts.

Security researchers at Cloudmark also have spotted the phishing attack.

The simple attack begins with an email message bearing the subject line "Hello," according to Fred Touchette, senior security analyst at AppRiver. The body of the message reads, "Check" The message then offers a Facebook link to reply to the message.

When users click on the link, they are brought to a fraudulent Facebook page that requests their account information and then routes them to their own Facebook page as it captures the login data, Touchette says. In some cases, the attackers use the login data to immediately change the users' passwords, effectively locking them out of their accounts.

In addition to, AppRiver has spotted the same attack coming from several other sources, including,,,, and These sources bypass some spam filters because they are not structured as full URLs, AppRiver researchers say.

The phishing attack is surprisingly simple and not particularly well-concealed, Touchette observes. For example, it doesn't require CAPTCHA authentication -- which Facebook usually does -- and the destination URL of the fraudulent login page does not contain the word "Facebook" -- which the real logon page does, he notes.

"We're not sure what the [phishers] were thinking, using such a simple attack and then locking users out of their accounts," Touchette says. "Usually, in more sophisticated [exploits] the attacker would quietly maintain access to the account for as long as possible, rather than tipping off the victim."

Both AppRiver and Cloudmark researchers say they expect to see more such attacks on Facebook because of its popularity and the site's viral nature of communications, which makes it easy for attacks to spread.

"Phishing and spam will continue to increase on social networks as users migrate large portions of their Internet activity, such as email, to these properties," says Adam O'Donnell, Cloudmark's director of emerging technologies. "Finding a cost-effective mechanism for remediating phished accounts is now a priority for Facebook and other social network sites. They need to figure out how to reset these people's passwords and contact them without priming their user population for an email-based phishing attack."


A very simplistic Facebook phishing attack is spreading through the popular social network, says AppRiver senior security analyst Fred Touchette.

It arrives as a Facebook message titled "Hello," and has been asking recipients to "Check" or "Check" At least two USA TODAY reporters received these bogus messages this morning.

If you click on the hyperlink it will take you to a fake Facebook login page, where you will be prompted to type your username and password. If you're gullible enough to click to the fake page and type in your credentials, your password will be changed, and you'll be locked out of your account, says Touchette. The bad guys will then use your account to replicate the attack to everyone on your friends list, he says.

Since Facebook requires anyone who sends a message containing a hyperlink to first solve a captcha puzzle, these bad guys evidently are retaining captcha solvers to get their attack moving. This elementary phishing attack underscores two points: it remains cheap and easy for crooks to use botnets to automate phishing attacks; and there's profit in getting even a tiny percentage of recipients to fall for even the crudest of ruses.

"I'm willing to bet these people are jumping on the bandwagon and trying to take advantage of all the Facebook activity," says Touchette. "It's very curious that they lock out the user, which throws up a red flag. They certainly don't have to do that."

Word just arrived from AppRiver that the bad guys, in an effort to stay one step ahead of spam filters, have begun directing message recipients to fake login pages at these links:,,, and


The following 2 member(s) liked the above post:


aish_punk IF-Sizzlerz

Joined: 11 January 2008
Posts: 20622

Posted: 24 May 2009 at 8:58am | IP Logged
hey thnx vijay for sharing..i heard abt dis too..will be careful nxt time..! Smile
Siddhi_ IF-Sizzlerz

Joined: 27 January 2007
Posts: 23385

Posted: 24 May 2009 at 9:02am | IP Logged
OMG!! Thanks for letting us know.. :D
Asherkibiwi Coolbie

Joined: 23 January 2009
Posts: 14151

Posted: 24 May 2009 at 9:04am | IP Logged
thanku so much
-Nadii- IF-Sizzlerz

Joined: 29 August 2005
Posts: 23078

Posted: 24 May 2009 at 9:07am | IP Logged
Thanks for letting us know.. I have stopped clicking on links I don't know.
-Ami- IF-Stunnerz

Joined: 05 March 2007
Posts: 26229

Posted: 24 May 2009 at 9:09am | IP Logged
Oh! Thanks for letting us know. I hadn't really even known this yet.
amz1990 IF-Sizzlerz

Joined: 08 October 2007
Posts: 11692

Posted: 24 May 2009 at 9:10am | IP Logged
i have something on my computer saying malware catcher 2009 i checked its some kind of thing that wants me to buy this software but its bogus
Cute_Ash IF-Stunnerz

Joined: 07 October 2008
Posts: 29872

Posted: 24 May 2009 at 9:13am | IP Logged
Thanks a lot for letting us no!

Go to top

Related Topics

  Topics Author Replies Views Last Post
Like A Post ? Share with Facebook Friends

2 3 4 5

Author: vijay   Replies: 33   Views: 14428

vijay 33 14428 11 September 2008 at 11:08pm by dreamer_dreams
Alert: Hacking attempt on India-Forums

2 3 4 5 6 7 8

Author: vijay   Replies: 61   Views: 6686

vijay 61 6686 30 July 2008 at 9:07am by flute
ALERT:Mysterious Entry Into India Forums!

2 3 4 5 6 7 ... 10 11

Author: Diva   Replies: 85   Views: 7476

Diva 85 7476 13 March 2006 at 11:19pm by shrutibali

Forum Quick Jump

Forum Category / Channels

Disclaimer: All Logos and Pictures of various Channels, Shows, Artistes, Media Houses, Companies, Brands etc. belong to their respective owners, and are used to merely visually identify the Channels, Shows, Companies, Brands, etc. to the viewer. Incase of any issue please contact the webmaster.

Popular Channels :
Star Plus | Zee TV | Sony TV | Colors TV | SAB TV | Life OK

Quick Links :
Top 100 TV Celebrities | Top 100 Bollywood Celebs | About Us | Contact Us | Advertise | Forum Index