EMC OPSEC ALERT
Facebook Phishing Scam
Internet imposters are perfecting the technique of impersonating friends on social networking sites like Facebook, with lucrative results. The scam involves a notice appearing on the wall of user profiles as a message from a friend, saying “Hey, I got a new Facebook account. I’m going to delete this one, so add my new profile”, followed by a link that appears to lead to the new profile. The actual link goes to a URL on view-facebookprofiles.com, a domain registered (and WHOIS-protected) on Namecheap and hosted at Softlayer, which serves a page that looks identical to the Facebook login page.
Users fooled into resubmitting their Facebook details on this page then have their Facebook accounts hijacked, and all of their contacts receive a similar message, propagating the phishing scam. Victims are losing thousands of dollars. Emotional e-mail pleas sent by imposters, such as “I’m stuck in
The scam works because personal e-mail and Facebook messages from friends carry with them an air of legitimacy that other Internet communication does not. Because the impersonators send the message asking for money or account information from your actual account, your photo appears beside the message.
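As an added example (not part of the original alert), a message filter could flag the kind of link described above: a host that contains the Facebook name but is neither facebook.com nor one of its subdomains. The trusted-domain list, the function names and the sample message (including the URL path) are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("facebook.com",)   # assumption: domains the real login page is served from
BRAND = "facebook"

def host_of(url):
    """Lower-cased hostname of an http(s) URL, or '' for anything else."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https"):
        return ""
    return (parts.hostname or "").rstrip(".").lower()

def is_trusted(host):
    """True only for a trusted domain itself or a true subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class LinkAudit(HTMLParser):
    """Collects (href, visible text) for every <a> element in a message body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit(message_html):
    """Return (href, reason) for each link whose target is not what it claims."""
    parser = LinkAudit()
    parser.feed(message_html)
    findings = []
    for href, text in parser.links:
        host = host_of(href)
        if not host or is_trusted(host):
            continue
        if BRAND in host:
            findings.append((href, "brand name in untrusted host"))
        elif BRAND in text.lower():
            findings.append((href, "link text names the brand, target does not"))
    return findings

# Constructed sample wall post modelled on the message quoted in the alert.
SAMPLE = ('Hey, I got a new Facebook account. Add my new profile: '
          '<a href="http://view-facebookprofiles.com/profile.php">facebook.com/profile.php</a>')
```

The suffix check in `is_trusted` matters: a plain substring test for "facebook.com" would also accept hosts that merely embed the name in front of another domain.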
Here’s how to avoid being a victim:
*Never send money to an individual, even a friend, using
*Don’t believe your e-mail, even if it comes from a friend. Any unexpected greeting cards, solicitations, or offers you receive should be treated with complete skepticism. Before you click, call and ask “Did you send this?”
*It’s a good idea to have two e-mail contact addresses on file with Facebook, so you have a better chance of reclaiming a hijacked account if you become a victim. Criminals who hack accounts usually change the password to lock out the rightful owner. Facebook will use the secondary e-mail in an attempt to determine the real owner of the account.
Facebook has also set up a special page to deal with account hacking.