Facebook users hit with new phishing attack

Attempts to nick usernames and passwords.

By Robert McMillan, IDG News Service
Published: 10:42 GMT, 30 April 09

Facebook users were hit with a phishing attack that tried to steal names and passwords from users of the popular social network.

In the attack, people are sent phoney email messages, appearing to come from Facebook, that try to send them to a malicious website, Fbaction.net, which looks like a Facebook log-in page.

The Fbaction.net website was still live Wednesday afternoon, but as of Thursday, Facebook is now blocking the website after working to blacklist the domain. "We are aware of this phishing domain and have already begun to take action," the company had said on Wednesday.

Facebook: the Google of social networks

"Our user operations team has blocked the domain from being shared on Facebook and is removing the content retroactively from any messages. They will also be resetting passwords of senders to remove access from an attacker. We're also reaching out to the ISPs to get information and will attempt to build a civil and/or criminal case against the owners."

Victims of the attack are being sent a message with the Subject line "Hello," that appears to come from a friend, according to TechCrunch, which first reported the attack. The message simply invites the victim to "Visit http://www.facebook.com/l/4253f;http://fbaction.net/"

That URL redirects the victim to the Fbaction.net website.

Victims of the phishing attack are given several warnings. The first comes when they click on the link in the original message and are redirected away from Facebook's website. Another warning pops up after users enter their name and password on the phishing site and are redirected back to Facebook. This second warning advises victims to change their password.

The Fbaction.net website does not attack the victim's computer, but only tries to collect log-in information.

Criminals like to have this kind of information because computer users often have the same usernames and passwords on several websites. Hacked Facebook accounts are also useful for launching future attacks, security experts say.

What are your views on this subject? Use the form below to post a comment on this article up to 500 characters.

Characters remaining: 500

Related Security news

Hackers to target Windows, PowerPoint

Bugs that Microsoft patched today will be exploited, warns security researcher

10 February 2010

Websense debuts Triton unified security platform

Unifies web and email management onto single platform

Russian botnet takes on Zeus

Kill Zeus feature removes rival Trojan from PCs

Microsoft delivers huge Windows security update

Critical flaws patched in massive Patch Tuesday release

Related Security reviews

Malwarebytes' Anti-Malware Free review

Kaspersky Lab AntiVirus 2010 review

Avira AntiVir Premium review

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Challenges and opportunities of PCI

The Payment Card Industry Data Security Standard provides an enterprise structure for improving operational, security, and audit performance. The benefits of the PCI DSS go beyond audit costs and results.

Download Whitepaper

Database security: Preventing enterprise data leaks at the source

IDC discusses the growing internal threats to business information, the impact of government regulations on the protection of data, and how enterprises must adopt database security best practices...

Download Whitepaper

Six essential steps to successful IT centralisation

This report, based on the real experience of a recent centralisation project, is aimed at those involved in IT strategy within their organisation. It provides some practical insights for CIOs, CTOs, Heads of IT, IT Directors and those involved more closely with the service management function.

Download Whitepaper

Application Grid: The ideal platform for IT consolidation

Evaluating the opportunity for consolidation of middleware — Java application servers and related technologies.

Download Whitepaper

Techworld UK - Technology - Business

COLT White Paper

Are all VoIP services the same?

Questions to ask your service provider to ensure you get the VoIP service you need
With careful choice of partner, your business can have all the advantages of VoIP access - reduced costs, flexibility and simplicity - without the drawbacks.
This white paper is your guide to ensure you get right the VoIP service and details the pitfalls which businesses would do well to avoid.

Download white paper
COLT White Paper

IT Misuse Survey

Complete this survey and you could win a Nexus One

Techworld are running a short survey to discover how UK businesses are managing Internet and email misuse in the Enterprise.

Complete Survey

Webcast: IT Financial Management: Cost Optimisation for Efficiency and Agility.
On Demand Webcast
Join this webcast to learn about the techniques and technologies that can help you prove the value of IT to the business by understanding the true cost of today's IT services and those that will be necessary to deliver future success.

Register Today

Site Map

IDG Network

* *