Watch out for messages like the following which are popping up on Facebook:
Omg Miley Cyrus sex tape http://www.facebook.com/l.php?u=%5BLINK%5D
They are, in fact, leading users to a phishing website which hopes that you’ll be so excited about the prospect of seeing a sex tape of the Hannah Montana singing sensation that you won’t notice that you’re being asked to log in to a rudimentary fake copy of Facebook’s front page:
We all like to think that we’re too smart to fall for a trick like this, but the truth is that you only need to be careless once for the hackers to be successful.
Identity thieves are keen to gain control of your social networking accounts – as they can use them to steal information about you, trick others into scams, and spread spam and malware campaigns from your account.
At least some of the messages appear to be being published from legitimate Facebook users’ accounts, but it isn’t clear presently how they were compromised. If you find your Facebook account has been posting messages unexpectedly about a Miley Cyrus sex tape, change your password, revoke the rights of any unknown applications to access your profile, and ensure that all references to the sex video are removed from your news feed.
What’s interesting is that this latest wave of spam messages say they were posted “via Email”.
That’s the facility Facebook supplies to post status updates to your Facebook page remotely, just by sending an email to a unique address (every Facebook account has a specific email address for this purpose).
It’s possible that the facility has been compromised, and spammers have found a way to update users’ statuses of users by sending an email message directly to their Facebook walls.
Be sure to warn your friends about phishing scams like this and teach them not to trust every link that appears in front of them. You can learn more about security threats by joining the thriving community on the Sophos Facebook page.
Take care folks.