During the phishing attack, Facebook users receive a message from a "friend" on their contact list urging them to "Check this out." Other subject lines have included "Look at this" and "Hello."
The attackers then invite unsuspecting users to click on a link contained in the message, which subsequently redirects them away from Facebook. In Thursday's phishing scheme, the user received a message from FBStarter.com. Wednesday's attack contained the address "BAction.net."
The new Web site initially appears to be a legitimate Facebook login page, but was in fact created by attackers to steal information when members type in their usernames and passwords. Criminals then add the acquired information to spam lists or use it for identity theft, hoping that members use the same passwords for multiple accounts.
A Facebook spokesperson told CNN.com that the attacks were stopped within a few hours of each case, but that it was too early to determine whether Wednesday's and Thursday's phishing attacks were related.
The company is currently investigating the circumstances behind the attack. "We are aware of this phishing domain and have already begun to take action," Facebook said in a statement.
Meanwhile, Facebook advises users to avoid clicking on links that don't originate from the site, while warning that many URLs can appear legitimate by containing the word "Facebook."
"It is easy to make a domain name look legitimate when it is fraudulent. The only part of a domain name that is unique to the owner is the part immediately before the .com, .org, etc.," Facebook said.
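The domain check Facebook describes, as an added example that is not part of the original article: the sketch extracts the owner-controlled part of a host name and flags hosts that merely contain the word "facebook". The sample URLs, the trusted-domain set and the abbreviated suffix list are constructed assumptions; real code should consult the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Assumption: a tiny, constructed subset of multi-label public suffixes.
# Production code should load the full Public Suffix List instead.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

# Assumption: the only registrable domain treated as the genuine site.
TRUSTED_DOMAINS = {"facebook.com"}


def registrable_domain(url):
    """Return the label immediately before the suffix, plus the suffix."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    if len(labels) < 2:
        return host
    # A suffix such as "co.uk" spans two labels; ".com" spans one.
    suffix_len = 2 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 1
    return ".".join(labels[-(suffix_len + 1):])


def classify(url):
    """Classify a link as 'trusted', 'lookalike' or 'untrusted'."""
    if registrable_domain(url) in TRUSTED_DOMAINS:
        return "trusted"
    host = (urlsplit(url).hostname or "").lower()
    # The brand name elsewhere in the host proves nothing about ownership.
    if "facebook" in host:
        return "lookalike"
    return "untrusted"


if __name__ == "__main__":
    # Constructed sample links (example.* domains are reserved for documentation).
    samples = [
        "https://www.facebook.com/login.php",
        "http://facebook.com.login.example.net/",
        "http://www.facebook-login.example.org/",
        "http://facebook.example.co.uk/login",
        "http://fbstarter.com/",
    ]
    for url in samples:
        print(f"{classify(url):10} {registrable_domain(url):16} {url}")
```

URLs must include a scheme (`http://` or `https://`) for `urlsplit` to find the host.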
Once Facebook learns of a phishing attack, the company deletes the URL from members' pages, blocks additional postings, and removes the redirect to the URL that appears in e-mail messages. The company also resets the passwords for members whose accounts were used to distribute the spam.
Facebook advises users to avoid clicking on suspicious or unsolicited links, even if they appear to come from someone they know.
Users who suspect that they're a victim of a phishing attack should immediately change their passwords and notify the company of the scam.
