Phishing Scams On Facebook

Bad Login Screens By Areps.at and Brunga.at Steal User Information

© Rachael Shoemaker

May 25, 2009
Facebook, ABC news photo
Users must be on the lookout for fake login screens with the URLs 'areps.at' and 'brunga.at' and infected comments left by friends.

Phishing is defined at Dictionary.com as “the creation of a Web site replica for fooling unsuspecting Internet users into submitting personal or financial information or passwords.”

In essence, hackers and scammers are “fishing” for user passwords. There have been innumerable phishing sites and scams. The most recent attack by phishers on Facebook is only one example of many. Users must constantly be aware of the possibility of phishing and help spread the word to uneducated newcomers.

How Does Phishing Work?

On popular social networking sites such as MySpace and Facebook, the hacker leaves a fake message on a user's wall: a short, innocent-looking note followed by a link. When the user clicks the link to investigate, he or she finds an exact replica of the login screen. The user enters his or her username and password, unknowingly handing the keys to the account to the malicious, unseen hacker who made the replica login site.

After this has happened, the user's account is no longer his or her own. The hacker has full access to it and will use it to perpetuate the phishing scam by leaving fake comments with the bad link on the pages of all of the user's friends. The user may not know that the account has been phished, but finding comments posted from the account that the user didn't write is a sure sign that it has been hacked. The solution is to change the password as soon as possible. Some sites will alert users to suspicious account activity and ask them to change the password.

Avoiding Phishing

Phishing can be avoided with a little education and caution.

Watch out for suspicious messages and unexpected login pages. The phishing scam is spread through bogus comments left by friends whose accounts have already been infected. They are usually short messages like "Hi" or "Hello." They always include the link to the bogus login page, which will pop up when the unsuspecting user clicks on it. Simply clicking the link does not infect one's account, so don't panic immediately; it's safe to look.

Check for Fishy URLs Like Areps.at and Brunga.at

Phishing hackers are fantastic mimics, Internet chameleons. Don’t expect to know a fake login screen on sight. There is only one definitive way to tell.

Before entering a username and password into an unexpected login screen, identical or not, always check the URL in the address bar at the top of the browser window. If the address does not show the site's proper name, do not enter any information! For example, the latest phishing sites to attack Facebook had URLs on their fake login screens like "areps.at" and "brunga.at".
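
The check described above, written out as an added example (not part of the original article): it parses the address and compares the host name against the site the user expects. The constant `EXPECTED_DOMAIN`, the function name `checkLoginUrl` and the sample addresses are assumptions made for illustration.

```javascript
// Added example, not from the article. EXPECTED_DOMAIN and the sample URLs
// are assumptions; the two ".at" names are the ones the article mentions.
const EXPECTED_DOMAIN = "facebook.com";

// Report whether rawUrl's host is expectedDomain or a subdomain of it.
function checkLoginUrl(rawUrl, expectedDomain = EXPECTED_DOMAIN) {
  let url;
  try {
    url = new URL(rawUrl); // throws on anything that is not an absolute URL
  } catch {
    return { ok: false, host: null, reason: "not a valid absolute URL" };
  }
  // url.hostname is already lower-cased and excludes any port or
  // "user@" prefix; drop a trailing dot so "facebook.com." still compares.
  const host = url.hostname.replace(/\.$/, "");
  const domain = expectedDomain.toLowerCase();
  // Match the whole name, or a suffix that starts at a dot boundary, so
  // "notfacebook.com" and "facebook.com.example" are both rejected.
  const ok = host === domain || host.endsWith("." + domain);
  return {
    ok,
    host,
    reason: ok ? "host belongs to " + domain : "host is not under " + domain,
  };
}

// Constructed sample addresses for illustration.
const SAMPLES = [
  "http://www.facebook.com/login.php",
  "http://areps.at/login.php",
  "http://brunga.at/",
  "http://facebook.com.areps.at/login.php",
  "http://facebook.com@brunga.at/",
  "http://notfacebook.com/login.php",
];

for (const sample of SAMPLES) {
  const { ok, host } = checkLoginUrl(sample);
  console.log((ok ? "OK      " : "SUSPECT ") + sample + "  (host: " + host + ")");
}
```

The comparison is made on the parsed host name rather than on the raw text, because the expected site's name appearing somewhere in the address is not the same as the address belonging to that site.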

Protect Friends From Phishing

Users whose accounts have been infected need to know. If a friend leaves a suspicious comment, tell the friend about it. He or she likely had no idea the hacker had control of their account. Especially be aware that new users may be susceptible to this deception. New users to Facebook or other social networking sites may have no experience with this type of phishing.

Facebook is committed to protecting its users and actively tries to disable these phishing links and block the bad login sites. With good reason too. With 200 million users, and an estimated 3.5 million more added each week, even a tiny percentage infected with the phishing “virus” compromises the privacy of millions.


The copyright of the article Phishing Scams On Facebook in Internet Security is owned by Rachael Shoemaker. Permission to republish Phishing Scams On Facebook in print or online must be granted by the author in writing.

