Facebook hit by phishing attacks for a second day
Facebook stopped a phishing attack on Thursday, its second day in a row of dealing with a worm on the site that lures people to a fake Facebook page and prompts them to log in.
Unsuspecting Facebook users get a message from a friend urging them to "check this out" and including a link to a Web page that appears to be a Facebook log-in page, but it is a fake site that steals their information when they type in their username and password. The worm also sends a copy of the message to the infected Facebook member's contacts.
In the latest attack, the Web address was "FBStarter.com." In Wednesday's attack, the address was "FBAction.net."
The attacks were stopped within a few hours in each case, said Facebook spokesman Barry Schnitt. He said it was too early to say whether the two phishing attacks are related. "We are investigating," Schnitt said.
Once Facebook learns of a phishing attack, either by members notifying the company or employees noticing that a URL is being distributed to a lot of people, the company deletes the URL from members' pages, blocks fresh postings, and removes the redirect to the URL that appears in e-mail messages, Schnitt said.
Facebook also goes in and resets the passwords of member accounts that had been used to distribute the spam, he said.
The company also alerts anti-fraud partner MarkMonitor, which passes the phishing URL on to the major browsers to block it and contacts ISPs to take the site down, according to Schnitt.
To protect against phishing scams, Facebook users should make sure that the URL they are visiting says "www.facebook.com." If it doesn't use that domain it's likely to be spam. Also, members that are already logged in to Facebook will not be asked to log in again.
"People should have a healthy dose of suspicion, and ask themselves 'why did I get logged out?'" Schnitt said. "If something looks a little strange you should check the address bar."
Facebook users who think they have been affected by the scam should change their passwords and review their Facebook stream for any unauthorized changes. If they use their Facebook password for other sites, they should change those passwords as well. And if they are using their Facebook authentication to log in to any other sites, they should check for any unauthorized changes on those sites. Information on safe password creation and use is here.
Facebook prevents accounts from re-distributing phishing URLs once a spam attack has been noticed.
(Credit: Facebook)
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor. 
often when you follow a link from facebook to the outside world, facebook.com still appears in the URL field so it really looks like you're still at facebook.com! it's their way of keeping you in their system as much as possible, with a header frame offering to take you back to facebook. you advice to trust a website because you see facebook.com in the URL is bad.
BULL S**T facebook is one of these horrible sites that constantly logs you off and has errors all over.
Arrrr!
- by eberns May 31, 2009 5:41 PM PDT
- On Thursday, I was unable to get onto FB all day. I tried numerous times with what looked like the Facebook browser, however, when I tried to login another browser would appear and then they would ask for my info all over again, this happened several times, maybe 7 or 8 times. I believe that the security at F B stopped the maliciousness from causing me any further problems, because they refused, even after changing my password to let me in and I am grateful because it stopped any further damage to my puter.
- Like this Reply to this comment
-
(7 Comments)