Wednesday, October 07, 2009

For all my Facebook friends (and associates) out there...

EMC OPSEC ALERT

Facebook Phishing Scam

Internet imposters are perfecting the technique of impersonating friends on social networking sites like Facebook, with lucrative results. The scam involves a notice appearing on the wall of user profiles as a message from a friend, saying “Hey, I got a new Facebook account. I’m going to delete this one, so add my new profile” followed by what appears to be a link to the new profile. The actual link goes to a URL on view-facebookprofiles.com, a domain registered (and WHOIS-protected) on Namecheap and hosted at Softlayer, that looks identical to the Facebook login page.

Users fooled into resubmitting their Facebook details on this page then have their Facebook accounts hijacked and all of their contacts receive a similar message, propagating the phishing scam. Victims are losing thousands of dollars. Emotional e-mail pleas sent by imposters, such as “I’m stuck in London and I’ve been robbed, help me,” have become so effective that the FBI last week issued a warning to consumers about social networking sites.

The scam works because personal e-mail and Facebook messages from friends carry with them an air of legitimacy that other Internet communication does not. The impersonators send the message asking for money or account information from your actual account, so your photo appears beside the message.
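The check a mail or web filter can apply to the link described above, as an added example that is not part of the original alert: a login link is trusted only when its host is facebook.com or a subdomain of it, and any other host that contains the brand name is flagged. The function names, the trusted-domain list and the sample post's URL paths are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only domain allowed to present a Facebook login form.
TRUSTED_DOMAINS = ("facebook.com",)
BRAND = "facebook"
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def classify_link(url):
    """Return 'trusted', 'lookalike' or 'other' for a single link."""
    try:
        # .hostname drops any "user@" prefix and the port, so a link such as
        # http://facebook.com@other-host/ is judged by its real host.
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return "other"
    # Trusted only on an exact match or a true subdomain; a plain substring
    # test would accept view-facebookprofiles.com or facebook.com.example.net.
    for domain in TRUSTED_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "trusted"
    # Brand name inside an untrusted host: treat as impersonation.
    if BRAND in host.replace("-", ""):
        return "lookalike"
    return "other"


def flag_message(text):
    """Return the lookalike links found in a wall post or e-mail body."""
    links = (m.group(0).rstrip(".,;:!?)") for m in URL_RE.finditer(text))
    return [url for url in links if classify_link(url) == "lookalike"]


# Constructed sample: the message quoted in the alert plus made-up URL paths.
SAMPLE_POST = (
    "Hey, I got a new Facebook account. I'm going to delete this one, "
    "so add my new profile http://view-facebookprofiles.com/profile.php?id=1 "
    "(old one: http://www.facebook.com/profile.php?id=1)."
)

if __name__ == "__main__":
    for link in flag_message(SAMPLE_POST):
        print("lookalike login link:", link)
```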

Here’s how to avoid being a victim:

*Never send money to an individual, even a friend, using Western Union unless you are ready to never see it again. There are no security measures in place to protect those who wire money that way, and there’s no way to recover funds sent through Western Union that end up in the wrong hands.

*Don’t believe your e-mail, even if it comes from a friend. Any unexpected greeting cards, solicitations, or offers you receive should be treated with complete skepticism. Before you click, call and ask “Did you send this?”

*It’s a good idea to have two e-mail contact addresses on file with Facebook, so you have a better chance of reclaiming a hijacked account if you become a victim. Criminals who hack accounts usually change the password to lock out the rightful owner. Facebook will use the secondary e-mail in an attempt to determine the real owner of the account.

Facebook has also set up a special page to deal with account hacking.


Careful people.
