Posts

Showing posts from August, 2008

Facebook Phishing

Some colleagues and I talked about this potential threat a few months ago, and it looks like it's finally starting to happen.
http://www.wired.com/politics/security/news/2008/01/facebook_phish


Some Facebook users checking their accounts Wednesday found odd postings of messages on their "wall" from one of their friends, saying: "lol i can't believe these pics got posted.... it's going to be BADDDD when her boyfriend sees these," followed by what looks like a genuine Facebook link.

But the link leads to a fake Facebook login page hosted on a Chinese .cn domain. The fake page actually logs the victims into Facebook, but also keeps a copy of their user names and passwords.

Soon after, the hackers post messages containing the same URL on the public "walls" of the users' friends. The technique is a powerful phishing scam, because the link seems to be coming from a trusted friend.

...

Hackers can use the compromised profiles to host Trojan horses such …