Five New Phishing Applications Challenge Facebook

Facebook informed on August 21, 2009 that it has disabled a group of rogue applications stealing login details of Facebook users and spamming people, but within a period of few hours more such applications appeared.

The applications, called Posts and Stream, dispatched fake notifications to Facebook users in their profile. Clicking on the message let the users to follow a link directing them to a phishing domain that demands login credentials of the users. Once the victim enters his credentials, he is redirected to the legitimate Facebook.

An updated blog post by Rik Ferguson, researcher, Trend Micro, stated that five more applications of such sort emerged on August 20, 2009; these were: "Friends Gifts", "Friends", "Pok", "Your Photos" and "Matching", reported CNET NEWS on August 20, 2009.

Ferguson noted that the newly emerged rogue applications burrow the same format as the previous ones, but make use of different application icons. They have a little bit more convincing notifications to the friends, and also this time, the applications feature fake notifications for the Facebook profile owner, probably in an attempt to provoke the victim into installing further applications and, in turn, maximizing the advertising returns of fraudsters.

It is noted that the researcher had already discovered 6 rogue applications in the same week. One of them was disabled on August 19, 2009, Ferguson said.

Although Trend Micro has said that it has made Facebook aware of the problem, users are still asked to remain cautious while entering their login details. They must fully ensure that the credentials are being entered into authentic sites, and not phishing sites. The Smart Protection Network has already blocked the malicious site that particularly emerged in this phishing attack.

Since past few months, Facebook and other popular web 2.0 sites, such as MySpace and Twitter, have been suffering frequent attacks by cybercriminals. In fact, a recent report from Breach Security states that 19% hacking incidents recorded during the first half of 2009 involved social networks.

In view of the abovementioned facts, security experts have advised users to be wary of messages from unknown users and recommended them to avoid clicking suspicious links so as not to fall a victim of identity theft.

Related article: FBI’s ICCC Annual Report Discusses Fraudulent and Non-Fraudulent Complaints

» SPAMfighter News - 9/7/2009