Facebook Phishing Scam In The Wild

November 8, 2009, by admin

Offering a popular website or web service is not always a blessing. This becomes especially apparent when you have to deal with security-related issues like phishing attacks. Facebook is without doubt one of the most popular sites on the Internet these days, and it is therefore unsurprising that the service is regularly attacked.

Trend Micro is reporting yet another Facebook phishing attack that is currently in the wild. The attack begins, like most phishing attacks, with a mass mailing that tells potential Facebook users they need to update their Facebook login credentials. The email offers a link, and users who follow it land on a website that looks like Facebook. What's interesting here is that the email address field of the Facebook login form is already filled out, so the Facebook user only needs to enter the Facebook password to complete the process.

[Image: facebook phishing]

A click on the login button will open a new page that contains a link to an update tool which installs a trojan on the user’s system.

It attempts to access a Web site to download a file which contains information where the Trojan can download an updated copy of itself, and where to send its stolen data. This configuration file also contains a list of targeted bank-related Web sites from which it steals information. Note that the contents of the file, hence the list of Web sites to monitor, may change any time.

It attempts to steal sensitive online banking information, such as user names and passwords. This routine risks the exposure of the user’s account information, which may then lead to the unauthorized use of the stolen data.

[Image: fake facebook login]

The blog post contains security tips on how to distinguish legitimate emails from phishing emails. Users who are interested in those can visit the blog post, but the most important lesson once again is to avoid clicking on links that are sent via email.
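
As an added illustration (not from the original post or from Trend Micro), the following Python example flags links of the kind described above: a Facebook-branded link that points to a host outside facebook.com, possibly carrying the recipient's own address. It assumes the pre-filled email field is fed from the link itself, which the post does not state; the trusted-domain list and the sample message are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

TRUSTED = ("facebook.com",)  # assumption: the brand's real login domain
BRAND = "facebook"

class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from an HTML e-mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_trusted(host):
    # Exact match or true subdomain only; "facebook.com.evil.test" fails.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def check_email(html_body, recipient):
    """Return (href, reasons) for each link matching this lure's pattern."""
    parser = LinkExtractor()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        host = urlsplit(href).hostname or ""
        if is_trusted(host):
            continue
        reasons = []
        if BRAND in host.lower() or BRAND in text.lower():
            reasons.append("brand name on untrusted host")
        if recipient.lower() in unquote(href).lower():
            reasons.append("recipient address embedded in link")
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample message; the example.test hosts are placeholders.
SAMPLE = """<p>Please update your Facebook account.</p>
<a href="http://facebook.com.login.example.test/update?email=alice%40example.test">Update now</a>
<a href="https://www.facebook.com/help/">Help Center</a>"""
if __name__ == "__main__":
    print(check_email(SAMPLE, "alice@example.test"))
```

The reasons are triage hints, not verdicts: a legitimate newsletter that mentions the brand in link text would also be listed.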
