The President is finally taking charge? No, a Facebook phishing attack

Filed Under: Data loss, Facebook, Phishing, Privacy, Social networks, Spam

A warning to all the Facebook users out there - the scammers are after your login details again, this time by spreading a link which purports to be a video of Barack Obama.

The president is finally taking charge on Facebook

The president is finally taking charge!!
[LINK]
Is this really for real?.

The image used in the message looks like a YouTube video thumbnail, but if you click on the link you are redirected, via a cross-scripting vulnerability on an MIT webpage and then Reddit, to a phoney Facebook login page.

It may look like Facebook, but it's not the real Facebook. It's designed to phish your username and password from you.

Incidentally, the page is hosted on an almost identically-named domain to one we've previously seen used in a Facebook phishing campaign.

Facebook usernames and passwords are an increasingly valuable commodity for cybercriminals - once they have those, they'll be able to log into your account, post messages in your name, spread spam and malware and perhaps raid your profile for personal information that they might be able to use for identity theft.

Worst of all, perhaps, they can pose as you and cause tremendous problems for your friends and family.

So, if you think you might have fallen for a scam like this, change your Facebook password immediately and scan your computer with an up-to-date anti-virus product.

If you're on Facebook and want to learn more about security threats on the social network and elsewhere on the internet, I'd recommend you join the Sophos Facebook page.

, , ,

You might like

2 Responses to The President is finally taking charge? No, a Facebook phishing attack

  1. James · 1230 days ago

    These days I recommend using a 40 digit password. Of course what do I know? The only drawback is forget the idea of an easy password to remember. Like bradpitt or 12345.

    • Genima · 1228 days ago

      What good is a 40 digit password when you just feed it to the phishers anyway?

      Bugs in the wetware, etc...

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.