Facebook Bolsters Security To Fight Phishing Attack

Facebook is bolstering its security infrastructure after being pummeled with two phishing attacks that lured victims to fraudulent Web sites to acquire login credentials from them.

In an effort to strengthen its internal security efforts and combat phishing and other kinds of malware attacks, Facebook is expanding the use of Internet fraud security vendor MarkMonitor to include solutions that will also protect its platform, Facebook said. The Palo Alto, Calif.-based company already employs MarkMonitor's AntiFraud Solutions to supplement its in-house security efforts.

"Our deep commitment to the safety of our users requires a strong proactive security strategy, best-of-breed technology and active engagement with industry leaders," said Ryan McGeehan, threat analyst at Facebook, in a statement. "MarkMonitor demonstrated that it understood the complexity of the phishing issue we were facing so it was a natural next step for us to bolster our own security systems with their antimalware solution."

Specifically, Facebook will send MarkMonitor suspicious URLs, which are then added to the browser blacklists and ultimately taken down, a company spokesperson said.

The enhanced security measures follow after two phishing attacks, launched Wednesday and Thursday, respectively, lured victims to a fake Facebook Web site and demanded that they submit login credentials. Victims initially received a message that appeared to come from a friend on their Facebook contact list. The users were then invited to click on a link contained in the message, which redirected them away from Facebook to another site. In Thursday's phishing scheme, the user received a message from FBStarter.com, while Wednesday's attack originated from "BAction.net."

While the redirected Web site initially appeared to be a legitimate Facebook login page, it was actually a phishing site, created by hackers to steal users' login credentials. The attackers could then use the login information to send spam or break into other personal and financial accounts for identity-theft purposes. Users often use the same passwords for multiple accounts.

Facebook said Friday that it had already blocked www.fbstarter.com from being shared on the site, which subsequently impeded its spread. In addition, Facebook said it was deleting that URL from walls and in-boxes across the site.

"This is an advantage we have over e-mail. Gmail can't delete spam sent to Hotmail. We've also blocked access to the URL so if someone does find it on Facebook, it won't send them to the destination," a company spokesperson said via e-mail.

Facebook is also automatically resetting the password on any account used to send the malicious link, which subsequently renders the information inaccessible to the attackers.

Security experts say that Facebook will continue to be a target for attackers, who will capitalize on the site's touted 200 million users to spread malware. Once users are infected, malware can wreak havoc on a user's PC by silently residing on a system and recording keystrokes and logging sensitive information such as usernames, passwords, credit card and social security numbers, which are then used in future attacks.

"The meteoric success of Facebook makes it a natural target for malware attacks that seek to capitalize on their trusted and recognizable brand," said Frederick Felman, chief marketing officer at MarkMonitor, in a statement.

Facebook advised that users should always make sure the Web address is facebook.com before logging in to the site. In addition, users should log in with unique passwords for the sites they access, be suspicious of any message, post or link that asks for login information, and use an up-to-date browser that has a phishing site blacklist, Facebook said.