Miley Cyrus sex tape is bait for Facebook phishing

Watch out for messages like the following which are popping up on Facebook:

Omg Miley Cyrus sex tape http://www.facebook.com/l.php?u=[LINK]

They are, in fact, leading users to a phishing website which hopes that you'll be so excited about the prospect of seeing a sex tape of the Hannah Montana singing sensation that you won't notice that you're being asked to log in to a rudimentary fake copy of Facebook's front page:

Facebook phishing website.

We all like to think that we're too smart to fall for a trick like this, but the truth is that you only need to be careless once for the hackers to be successful.
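The link in the message above passes through Facebook's own `l.php?u=` wrapper, so the text of the link starts with `www.facebook.com` even though the destination is elsewhere. The following is an added example, not part of the original post: it unwraps such a link offline and checks whether the page you would land on is really on facebook.com. The function names and the `.example` hostnames are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

TRUSTED_DOMAIN = "facebook.com"
MAX_UNWRAP = 3  # assumption: this many nested wrappers is treated as suspicious


def host_is_trusted(host):
    """True only for facebook.com itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


def unwrap(url):
    """Resolve l.php?u= wrappers without any network access.

    Returns the final destination URL, or None if the link is still
    wrapped after MAX_UNWRAP layers.
    """
    for _ in range(MAX_UNWRAP):
        parts = urlsplit(url)
        target = parse_qs(parts.query).get("u")
        is_wrapper = (host_is_trusted(parts.hostname)
                      and parts.path == "/l.php" and target)
        if not is_wrapper:
            return url
        url = target[0]  # parse_qs has already percent-decoded the value
    return None


def login_destination_ok(url):
    """Would this link land on a genuine facebook.com page?"""
    try:
        final = unwrap(url)
        if final is None:
            return False
        parts = urlsplit(final)
    except ValueError:  # malformed URL
        return False
    return parts.scheme in ("http", "https") and host_is_trusted(parts.hostname)


# Constructed sample links (hostnames under .example are not real sites).
SAMPLES = [
    "https://www.facebook.com/login.php",
    "http://www.facebook.com/l.php?u=http%3A%2F%2Ffacebook.com.video-login.example%2F",
    "http://www.facebook.com@phish.example/login.php",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(login_destination_ok(link), link)
```

Only the first sample passes: the second hides a lookalike host behind the wrapper, and the third puts `www.facebook.com` in the user-info part of the URL rather than the hostname.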

Identity thieves are keen to gain control of your social networking accounts - as they can use them to steal information about you, trick others into scams, and spread spam and malware campaigns from your account.

At least some of the messages appear to be being published from legitimate Facebook users' accounts, but it isn't clear presently how they were compromised. If you find your Facebook account has been posting messages unexpectedly about a Miley Cyrus sex tape, change your password, revoke the rights of any unknown applications to access your profile, and ensure that all references to the sex video are removed from your news feed.

What's interesting is that this latest wave of spam messages says they were posted "via Email".

That's the facility Facebook supplies to post status updates to your Facebook page remotely, just by sending an email to a unique address (every Facebook account has a specific email address for this purpose).

It's possible that the facility has been compromised, and spammers have found a way to update users' statuses by sending an email message directly to their Facebook walls.

Be sure to warn your friends about phishing scams like this and teach them not to trust every link that appears in front of them. You can learn more about security threats by joining the thriving community on the Sophos Facebook page.

Take care folks.

4 Responses to Miley Cyrus sex tape is bait for Facebook phishing

  1. andrew blignaut says:

    This just shows us how insecure facebook is and the repercussions this could have. Facebook has become too insecure and is almost unusable today. No content on facebook is safe. I have quit facebook in disgust and will be joining a safer social networking platform like MyCube or Diaspora as soon as they release

  2. David says:

    Andrew there is no such thing as a safe website. All sites have weakness somewhere and all sites can be made for phishing, you just got to look out and not put your password in other than on facebook.com domain

  3. adam says:

    That has nothing to do with facebook being insecure. The phishing didn't occur on their domain. People need to use common sense on what they click on and maybe pay attention to the address bar?

  4. Karen says:

    If people would use them, facebook has a whole section on security, including labeling recognized devices, code generators and confirmations via text.

About the author

Graham Cluley has worked in the computer security industry for more than 20 years, developing anti-virus software and doing quite a lot of talking about internet threats. He's won awards for his blogging, but is proudest of the text adventure games he wrote when he was still wearing short trousers. You can learn more about those (the games, not the trousers) at grahamcluley.com. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.