Phishers hit Facebook with scam messages
Scammers try to steal names and passwords
April 29, 2009 12:00 PM ET

IDG News Service - Facebook users were hit today with a phishing attack that tried to steal names and passwords from users of the popular social network.
In the attack, people are sent phony e-mail messages, appearing to come from Facebook Inc., that try to send them to a malicious Web site, Fbaction.net, which looks like a Facebook log-in page.
The Fbaction.net Web site was live this afternoon, but Facebook is working to blacklist the domain and hopes to have the site shut down, according to a Facebook spokesman.
"We are aware of this phishing domain and have already begun to take action," the company said in a statement.
"Our user operations team has blocked the domain from being shared on Facebook and is removing the content retroactively from any messages. They will also be resetting passwords of senders to remove access from an attacker. We're also reaching out to the ISPs to get information and will attempt to build a civil and/or criminal case against the owners."
Victims of the attack are being sent a message with the Subject line "Hello," that appears to come from a friend, according to TechCrunch, which first reported the attack. The message simply invites the victim to "Visit http://www.facebook.com/l/4253f;http://fbaction.net/" and the URL redirects the victim to the Fbaction.net Web site.
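The link quoted above shows a facebook.com host while carrying the real destination after the semicolon. The following check is an added example, not part of the original article or any Facebook code, and it surfaces that embedded destination in message text. It generalizes beyond the quoted link to percent-encoded destinations in a query string; the `TRUSTED_HOSTS` set, the function names and the two-label host comparison are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Sites whose links a reader tends to trust on sight (assumed for this example).
TRUSTED_HOSTS = {"facebook.com"}
_URL = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def registrable(host):
    """Reduce a host to its last two labels. This is a simplification that is
    wrong for suffixes such as .co.uk; real tooling needs a public-suffix list."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def embedded_destination(url):
    """Return the URL carried inside another URL's path or query, or None."""
    parts = urlsplit(url)
    tail = unquote(parts.path)
    if parts.query:
        tail += "?" + unquote(parts.query)
    match = _URL.search(tail)
    return match.group(0) if match else None


def classify(url):
    """Label a link and name the site it finally points at."""
    outer = registrable(urlsplit(url).hostname or "")
    inner = embedded_destination(url)
    if inner is None:
        return ("direct", outer)
    inner_site = registrable(urlsplit(inner).hostname or "")
    if inner_site == outer:
        return ("same-site redirect", inner_site)
    return ("off-site redirect", inner_site)


def flag_message(text):
    """List (link, real destination site) for links in a message that show
    a trusted host but redirect somewhere else."""
    hits = []
    for url in _URL.findall(text):
        shown = registrable(urlsplit(url).hostname or "")
        kind, site = classify(url)
        if shown in TRUSTED_HOSTS and kind == "off-site redirect":
            hits.append((url, site))
    return hits
```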
Victims of the phishing attack are given several warnings. The first comes when they click on the link in the original message and are redirected away from Facebook's Web site. Another warning pops up after users enter their names and passwords on the phishing site and are redirected back to Facebook. This second warning advises victims to change their passwords.
The Fbaction.net Web site does not attack the victim's computer, but only tries to collect log-in information.
Criminals like to have this kind of information because computer users often have the same usernames and passwords on several Web sites. Hacked Facebook accounts are also useful for launching future attacks, security experts said.
Reprinted with permission from
Story copyright 2009 International Data Group. All rights reserved.