There have been reports overnight of a series of new phishing attacks against users of Facebook.
At the back end of April, SophosLabs blogged about a phishing campaign on Facebook directing users to visit www.fbaction.net and www.fbstarter.com.
Since then we’ve seen a series of attacks (typically you will see a message apparently from a Facebook friend inviting you to check out a link) pointing to domains such as www.junglemix.in, www.kromked.net, mygener.im, and most recently www.151.im, www.121.im and www.123.im.
The aim of these schemes? To grab your Facebook username and password.
If you click on the link, you will typically be taken to a fake Facebook page designed to phish information from you.
And once hackers have your Facebook username and password they can spread their attacks further, by logging in as you, assuming your identity and forwarding an attack to your friends and contacts online.
You see, when people receive a message on a social networking site they typically trust it much more than a traditional email. They think “Oh, it’s Bob... he always sends me fun stuff... this link has got to be okay to check out”.
The good news is that the security team at Facebook is very aware of the problem, and is working around-the-clock to remove messages containing the malicious links from their systems and to help secure accounts for users who may have had their password stolen. (Of course, if your password was grabbed by the phishers, make sure you change your login details on any other website where you might be using the same password. More information about that specific security issue – and a handy video about choosing passwords – here).
Last month I revealed that cybercrime on social networks is on the increase, with over 1 in 5 people admitting that they have been on the receiving end of a phishing attack via the likes of Twitter and Facebook.
My guess is that we’re going to see these figures for Web 2.0 cybercrime rising even higher.
Learn more about social networking security risks, and listen to the following podcast for background information about the kind of attacks we see on social networks:
* Image source: Pshab’s Flickr photostream (Creative Commons)