Facebook site under fresh phishing attack
Date of Publishing: 02/12/2010
Pune: Popular social networking site Facebook has been witnessing fresh attacks from hackers who are taking innocent users for a ride by using ingenious ways to unleash phishing attacks and open redirects.
Registered Facebook users are now receiving an e-mail message which appears to have come from Facebook Security. The message requests the users to confirm their account. This is just like other phishing attacks we see every day. The twist, however, is that the phishing page itself gets loaded from within the Facebook site using an i-frame. This makes it look much more legitimate than a site hosted on another domain.
The page which a user gets to see reads, "Your account will be deactivated immediately because someone has reported your actions. May be you have written content that is abusive or uploaded a picture that can be insulting or harmful to other users." It then invites the user to click on a link to confirm the account details. If the user obliges, all the information is stolen.
The first message is followed by a second message which is similar, but there’s another URL towards the end. Clicking the link sends the user to www.facebook.com, where a script redirects the user to another website that contains the phishing page.
Observers at Websense Security Labs said they have seen Facebook being used both to display phishing pages for different services and to redirect to phishing pages hosted elsewhere.
Both these attacks make it harder for the user to spot malicious content directly from the e-mail. Both messages point to a valid Facebook URL. In addition, the inclusion of valid Facebook URLs makes protecting users somewhat harder for anti-spam solutions and web filtering products that rely heavily on URL filtering to classify content.
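The filtering weakness described above, illustrated as an added example (not code from the article or from Websense): a trusted facebook.com hostname alone says nothing about where the browser ends up, so a mail filter that only classifies by hostname needs a second check for redirect parameters carrying an external URL. The sample mail bodies, the path `/some-page` and the query parameter `next` are constructed for the example.

```python
import re
from urllib.parse import urlparse, parse_qs, unquote

# Constructed sample mail bodies of the kind the article describes. Both links
# point at a legitimate facebook.com hostname, which is why a filter that
# classifies only by hostname lets them through.
SAMPLE_MAILS = [
    "Facebook Security: please confirm your account at "
    "http://www.facebook.com/some-page?next=http%3A%2F%2Fphish.example%2Fconfirm",
    "Reminder from Facebook Security: http://www.facebook.com/help/security",
]

TRUSTED_HOSTS = {"facebook.com", "www.facebook.com"}
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()


def redirect_targets(url):
    """External hosts embedded in the query string of a trusted URL.

    A query value that is itself an absolute URL to a non-trusted host is the
    signature of an open-redirect hop: the link reads facebook.com but the
    browser is sent elsewhere after the redirect.
    """
    if host_of(url) not in TRUSTED_HOSTS:
        return []
    found = []
    for values in parse_qs(urlparse(url).query).values():
        for value in values:
            inner = urlparse(unquote(value))  # unquote again in case of double encoding
            if inner.scheme in ("http", "https") and inner.hostname:
                if inner.hostname.lower() not in TRUSTED_HOSTS:
                    found.append(inner.hostname.lower())
    return found


def classify_mail(body):
    """Map every URL in a mail body to 'trusted', 'external', or
    'open-redirect:<host>' when a trusted URL carries an external target."""
    verdicts = {}
    for url in URL_RE.findall(body):
        if host_of(url) not in TRUSTED_HOSTS:
            verdicts[url] = "external"
            continue
        targets = redirect_targets(url)
        verdicts[url] = "open-redirect:" + targets[0] if targets else "trusted"
    return verdicts
```

A real deployment would also follow the redirect chain server-side, because the final hop may be hidden behind an opaque token rather than a visible URL parameter.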
Carl Leonard, Senior Manager, Websense Security Research, told TOI, "With more than 450 million users of Facebook worldwide, malware authors see social networks as a prime opportunity to conduct their activities. Using techniques such as loading phishing pages within an i-frame on Facebook and sending users to Facebook before redirecting them elsewhere adds a perceived level of legitimacy to the end user, making the phish harder to spot. We may then wonder why our Facebook login details are of value to malware authors – because those logins can then be used to spread further phish and malware."
Computer enthusiast Bhushan Joshi, who is also preparing to become a Cisco Certified Network Administrator, said there have been many incidents of Facebook accounts being hacked recently. "The miscreants are creating multiple accounts with the user's name and there is a risk of using these accounts for wrong purposes," Joshi said.
According to Joshi, Facebook users would be safer if they changed their account password frequently, even once a week, and included a space bar in the password. This will lend strength to the password, he added.
You will know it when... the page you get reads, "Your account will be deactivated immediately because someone has reported your actions. May be you have written content that is abusive or uploaded a picture that can be insulting or harmful to other users." It then invites you to click on a link to confirm the account details.