Facebook is currently dealing with phishing scam attacks which gather users' login information and passwords. Reportedly, enticing comments tricked some users a few days ago into accessing what seemed to be a valid Facebook link. The page to which the link directs although logs the victims into Facebook it also crops personal data of the user.
Afterwards, messages originating from hackers having the same URL are posted for the user’s friends to see which works just fine as the link indeed seems to be sent by a trusted source.
According to Marc Gaffan, responsible with product marketing for security firm RSA's Identity and Access Assurance Group, if until now phishing has occurred almost exclusively within the financial services area, these days it seems to emerge more and more as a real danger to online web sites which have not focused so much on authentication and which have been somehow carefree regarding the matter of phishing.
However, that is no longer the case as hackers have directed their attention to social networking services “motivated” by the number of people using the same logins and passwords on various sites. Thus, once Facebook credentials are stolen, hackers try them on other sites such as Amazon.
Spammers use pseudo-profiles to get personal information that can be used afterwards to send spam or malware. They send fake messages to determine people to access a link or install some attached malware.
As Wired.com reported, Dancho Danchev, an independent security consultant who has been tracing down this kind of crooks, warned against hackers who may be planning to gather a great number of accounts before embedding malware to infect those who visit the compromised profiles.
As newly implemented security measures, banks and online brokerages have started to use various techniques against phishing attacks including physical token required from the user which creates a new passcode every minute and a request for more information when a user is trying to log in from another machine or geographic area.
We strongly recommend to those who become victims of phishing scams to log in and change their passwords as soon as this happens, and treat their e-mail and shopping accounts the same way if the passwords for these services match the ones stolen.
So far, Facebook made no comments concerning the aforementioned issue.
