Facebook Phishing

Some colleagues and I talked about this potential threat a few months ago, and it looks like it's finally starting to happen.
http://www.wired.com/politics/security/news/2008/01/facebook_phish


Some Facebook users checking their accounts Wednesday found odd postings of messages on their "wall" from one of their friends, saying: "lol i can't believe these pics got posted.... it's going to be BADDDD when her boyfriend sees these," followed by what looks like a genuine Facebook link.

But the link leads to a fake Facebook login page hosted on a Chinese .cn domain. The fake page actually logs the victims into Facebook, but also keeps a copy of their user names and passwords.

Soon after, the hackers post messages containing the same URL on the public "walls" of the users' friends. The technique is a powerful phishing scam, because the link seems to be coming from a trusted friend.

...

Hackers can use the compromised profiles to host Trojan horses such as key loggers that go on to steal banking passwords and credit card numbers.

And since many people use the same logins and passwords on multiple sites, the hackers can also check if stolen Facebook credentials will log them into eBay or Amazon, for instance.

Comments

hanum said…
I couldn't open my inbox and I've got message from FB Team: "We have detected suspicious activity on your Facebook account and have temporarily suspended your account as a security precaution. It is possible that malicious software was downloaded to your computer or that your password was stolen by a phishing website designed to look like Facebook. You can regain control of your account by logging into Facebook and following the on-screen instructions. Please be sure to visit the Facebook Help Center (http://www.facebook.com/help.php) for further information regarding these security issues and let us know if you need assistance". Do you know?
5:46 AM
Post a Comment

Popular posts from this blog

How to Fix a Jammed Toyota Camry Trunk

This problem needs a higher pagerank, so I figured I would post the solution here. If your Toyota Camry trunk won't open, one possible reason is that it is set to valet mode. Valet mode means that you cannot open the trunk using the release lever inside the car. To set valet mode, you put the key into the trunk lock and turn it counterclockwise. You will know that your trunk is in valet mode if the lock is horizontal rather than vertical, and if you cannot open the trunk using the lever near the driver's seat. Of course, a problem is that sometimes the Camry can get stuck in valet mode, such that you can't use your key to get out of it. (You can see how I spent part of my Sunday morning ...) The solution turns out to be WD-40 . Spray some WD-40 on your key and on the lock. Put the key in, and jiggle it around, and happiness ensues. From an interaction design perspective, it sort of makes sense to have a valet mode. After all, the point of having a valet key is to limit the
Read more

Web 2.0 and Research

I've been chatting with many of my friends and colleagues about an issue that's been bugging me for a while, namely whether academic research has any role to play in the emerging Web 2.0 . I've been slowly coming to the conclusion that the answer is not much. I had a similar discussion with other researchers at HotMobile a few weeks ago. When the web first came out, pretty much every systems researcher ignored it because it was so ugly. The web was not very sophisticated in terms of distributed systems, HTTP lacked elegance, HTML conflated many different ideas, and so on. There were also not any really new ideas with the web, as evidenced by the fact that Tim Berners-Lee 's first paper on the Web was (probably rightfully) rejected from an ACM conference on hypertext. I'm sure one thing that really irked researchers about the nascent web was that it completely ignored the large body of work in hypertext and distributed systems that had preceded it. Even in 1997, as
Read more

[Research] Famous Rejected Papers

I've always thought it would be fun to compile a list of famous rejected research papers, ones that later turned out to be highly influential. For example, in My Life as a Quant , the author tells the story of how the famous Black-Scholes paper (which describes how options should be priced) was rejected several times. The work eventually led to a Nobel Prize in economics. (Yes, I know, there technically is no Nobel Prize in economics). Then there's George Akerlof 's work on asymmetric information . I don't recall exactly, but I think the reviewers thought it was too simplistic. It also led to a Nobel Prize in econ. And then there's Tim Berners-Lee 's original paper on the World Wide Web. He describes his experiences in his book Weaving the Web . I think it was submitted to a hypertext conference, but was accepted only as a demo. I'm guessing reviewers didn't see much novelty in the work, which probably was correct from a research perspective.
Read more