And the hits just keep coming: For the second time in the span of a week, the popular social networking site Facebook was the target of a phishing scam. This time, users were sent an e-mail message with the subject line “Hello,” then directed to a false Facebook page where they were asked to enter account passwords.
The hackers, who attempted to direct users to the Websites “areps.at”, “best.at”, “kirgo.at” or “brunga.at”, were attempting to gain access to users’ personal information as well as profile information about friends and relatives connected to the user.
Facebook spokesman Barry Schnitt told ABCNews.com the phishing impacts have not been widespread and affected just a small group of accounts. “We’ve been updating our monitoring systems with information gleaned from the previous attacks so that each new attack is detected more quickly,” he told the news organization. “Our technical efforts and user education initiatives are significantly reducing the impact of each subsequent attack.”
As before, the company was quick to assure users the malicious links had been blocked and fake wall posts and messages were deleted. “We have already blocked links to these new phishing sites from being shared on Facebook, have had them added to the ‘block’ list of the major (Web) browsers and have begun working with partners to have the sites taken down completely,” Schnitt told msnbc.com. “Be cautious of any message, post or link you find on Facebook that looks suspicious or requires an additional log-in,” he said.
On May 15, news broke that a similar scam was targeting Facebook users by tricking them into visiting a fake Web page designed to look like a Facebook page. Facebook published a blog post, written by an incident response manager on its security team, alerting users to the problem and offering help on how to avoid the scam.
Schnitt and the company’s blog are encouraging users to get on the offensive and help protect themselves from attacks. Recommendations include using an up-to-date browser such as Firefox 3.0.10 or Internet Explorer 8 that features anti-phishing blacklists, using unique logins and passwords for each of the Websites users visit, checking that they are logging in from a legitimate Facebook page and being cautious of any message, post or link they find on Facebook that looks suspicious or requires an additional login.
Following the first wave of phishing attacks this month, Facebook and brand protection company MarkMonitor announced that Facebook is using MarkMonitor’s AntiFraud Solutions to supplement Facebook’s own in-house security efforts in protecting users against malware attacks. Facebook, which already uses MarkMonitor AntiFraud Solutions to help combat phishing attacks, said it is expanding its use of MarkMonitor to further protect Facebook and its users from ongoing malware attacks.