Miley Cyrus sex tape is bait for Facebook phishing

Filed Under: Facebook, Phishing, Privacy, Social networks, Spam

Watch out for messages like the following which are popping up on Facebook:

Miley Cyrus sex tape

Omg Miley Cyrus sex tape http://www.facebook.com/l.php?u=[LINK]

They are, in fact, leading users to a phishing website which hopes that you'll be so excited about the prospect of seeing a sex tape of the Hannah Montana singing sensation that you won't notice that you're being asked to log in to a rudimentary fake copy of Facebook's front page:

Facebook phishing website. Click for larger version

We all like to think that we're too smart to fall for a trick like this, but the truth is that you only need to be careless once for the hackers to be successful.

Identity thieves are keen to gain control of your social networking accounts - as they can use them to steal information about you, trick others into scams, and spread spam and malware campaigns from your account.

At least some of the messages appear to be being published from legitimate Facebook users' accounts, but it isn't clear presently how they were compromised. If you find your Facebook account has been posting messages unexpectedly about a Miley Cyrus sex tape, change your password, revoke the rights of any unknown applications to access your profile, and ensure that all references to the sex video are removed from your news feed.

What's interesting is that this latest wave of spam messages say they were posted "via Email".

That's the facility Facebook supplies to post status updates to your Facebook page remotely, just by sending an email to a unique address (every Facebook account has a specific email address for this purpose).

Upload email

It's possible that the facility has been compromised, and spammers have found a way to update users' statuses of users by sending an email message directly to their Facebook walls.

Be sure to warn your friends about phishing scams like this and teach them not to trust every link that appears in front of them. You can learn more about security threats by joining the thriving community on the Sophos Facebook page.

Take care folks.

, , ,

You might like

4 Responses to Miley Cyrus sex tape is bait for Facebook phishing

  1. andrew blignaut · 1406 days ago

    This just shows us how insecure facebook is and the repercussions this could have. Facebook has become too insecure and is almost unusable today. No content on facebook is safe. I have quit facebook in disgust and will be joining a safer social networking platform like MyCube or Diaspora as soon as they release

  2. David · 1405 days ago

    Andrew there is no such thing as a safe website. all sites have weakness somewhere and all sites can be made for phishing, you just got to look out and not put your password in other then on facebook.com domain

  3. adam · 1075 days ago

    That has nothing to do with facebook being insecure. The phishing didn't occur our their domain. People need to use common sense on what they click on and maybe pay attention to the address bar?

  4. Karen · 744 days ago

    If people would use them, facebook has a whole section on security, including labeling recognized devices, code generators and confirmations via text.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.