Friday, April 18, 2008

New Facebook Viral Phishing Scam


I just came across a very well made Facebook "viral" phishing attack.

A friend of mine sent me a Facebook message that suggested that take a look at a video:

"You need to check this out now, it sooooooooo funny, a monkey smoking a cigarette! HA!HA!HA!
It's on facebook videos here: http://funnycigarettechimp.info

lol!"

[note that clicking on that link as it stands will not bring you to the attack, it must be clicked from within the facebook message -- as well, the above message may be on of many variations this phisher might be using as templates -- if the phisher is really smart, he/she would do A/B test message templates on instrument for "conversion rates" on phishes...]

It was the perfect storm: I was brain dead the time before my morning coffee, lack of sleep, and the goof that I am, and also the trusted reputation of this friend of mine that was the sender -- who would normally never send me something unless it was insanely funny (how ironic), and the fact that I never really mentally associated phishing attacks -- I went on cruise control and clicked the link.

(side note: I suspect that most people tend to have a lower expectation for phishing attack [and spam], myself included, in the facebook world as compared to traditional emails)

The link pops up a new window (hint #1) with the facebook landing page exactly as it looks everytime my session times-out from Facebook, and asks you to re-login to the system (hint #2). I was going though the motions in auto-pilot punching in my user name and password (this was partly because I had left this facebook message window open for quite sometime, so I suspected it would have likely timed out...), then I realized that the URL looked legit with a proper icon etc, it said "www.Login-facebook.info" (major hint #3).

(side note: Login-facebook.info was registered April 7th, 2008 -- under a private listing with no contact info, clearly not a trust worthy domain)

After you punch in the user name and password, the site sends you to a YouTube video. Most folks probably would have watched the 30 second time waster, and carried on -- unaware of the fact that the phisher will now use the username and password in Facebook to carry out an attack via Facebook Mail disguised under your login info to send and share the same video to your friends list.

The real danger of this is of course not the spread of the video, but rather the fact that the phisher now has your Facebook password that contains your login email, your password, and all of your private Facebook information (i.e. your cell phone number, name of your friends, photos, inbox data, location/address -- all useful info for identify theft!).

Now my question is... what can be done about this other (highly lagged) phishing filters/blacklists built into browser?

A friend suggested that they could use SSL on the site, but its not like a regular user is going to care about a popup window that saids you're about to leave facebook to another site (i mean, you're leaving to watch a video or whatever), and when people see a new window post click with a facebook login, MOST people will go into cruise control and just punch in their user name and passwords anyways. So I'm doubtful SSL makes a difference here (its actually completely useless IMHO other than securing the data/contents between your system and Facebook)

... Regardless, Facebook Friends Beware of Phishing Attacks and DO NOT LOG IN via "Login-Facebook.com" or anything BUT a URL that contains "www.FaceBook.com"!!!

17 comments:

  1. Just saw your video on Fortune Hunters on CBC - what was the name of your mentor?
    His name popped up on the screen and I didn't catch it but would like to look up if he has any material or speeches. Thanks.

    ReplyDelete
  2. i caught myself fall in the trap today. i hit the submit button and got to looking at the url address and immediately went and changed my password. once that was done i went back to the fake page and left them a gofuckyourself@sshole.com with an equally insulting password.

    ReplyDelete
  3. There's a report at facebook login that these scammers are now selling the facebook account's they phished

    ReplyDelete
  4. This is what I was really looking for. Thanks very much. Keep up this good work.
    Socialkik

    ReplyDelete
  5. Nice website and everybody should totally comply with the author on this one here. Its hillarious, thats what i should write about this post. Because this should be what the whole internet thing is all about right? Keep on doing a great job!
    Socialkik

    ReplyDelete
  6. I think many social networking sites in the search engine but some most important site available like facebook, twitter, digg, stumble upon, Google buzz, linked in, delicious, etc. Socialkik.

    ReplyDelete
  7. i get this message a lot. but mostly they post it as status message. what i do is just ignore it, i guess we will somehow know if the message is a scam/attack or not right.
    social media marketing in malaysia

    ReplyDelete
  8. if you can look into the news today even the famous mark zuckerberg wall can be exploited by just a simple script, let us try to be safe and secure our business, also increase your marketing strategy by increasing your social media.
    Buy Facebook Likes
    OneStop Buy Facebook Likes

    ReplyDelete
  9. I'm glad to read this nice post, this is something I am looking for. It is very informative for me. Thanks for your usual wonderful effort.

    ReplyDelete
  10. I found this as an excellent post and you have provided the meaningful information. Thanks for sharing such a wonderful article.

    ReplyDelete
  11. Easily, the article is actually the best topic on this registry related issue. I fit in with your conclusions and will eagerly look forward to your next updates. Just saying thanks will not just be sufficient, for the fantasti c lucidity in your writing. I will instantly grab your rss feed to stay informed of any updates.
    buying facebook likes

    ReplyDelete
  12. It is imperative that we read blog post very carefully. I am already done it and find that this post is really amazing.

    ReplyDelete
  13. I would like to thank you for your nicely written content, its useful and your writing style helped me to read it without any difficulty. Thanks Buy Real Youtube Views

    ReplyDelete
  14. Your article is very interesting and informative. I very like it a lot. You have done fantastic job. Thanks for sharing interesting post Top 10 Makeup Artists in Kolkata

    ReplyDelete