Facebook Used for Phishing Attacks
According to a Softpedia.com report of November 30, 2010, the first mail appears to come from Facebook security. The e-mail informs the user that his account will soon be deactivated because another user has reported it for containing abusive content.
The scam mail gives the recipient one day to re-check his Facebook credentials by clicking on a URL included in the phishing mail.
Websense claims that although this phishing scam is similar to the usual ones, there is one striking difference: the phishing page itself is loaded from within the Facebook site using an iframe. This makes it look more authentic and convincing than a page hosted on another domain.
The security firm states that the second mail is similar to the first one, but has one more URL at the end. Clicking on that URL directs the user to www.facebook.com, where a script takes the user to another website that hosts a phishing page.
According to the security lab, both attacks make it difficult for a user to spot the harmful content straight away from the e-mail itself. Besides, both mails contain a genuine Facebook URL. Consequently, it is harder for filtering techniques to categorize the content, as per reports by ciol.com in the fourth week of November 2010.
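A filter that stops at the genuine facebook.com link misses both variants, so the check has to look at what the linked page frames or redirects to. The following is an added example, not code from Websense, Facebook or the article; the function names and the sample pages (with `.example` hosts) are constructed, and it assumes the filter has already fetched the HTML behind the link.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Heuristic for plain script redirects; obfuscated scripts need a sandboxed browser.
JS_REDIRECT = re.compile(
    r"""location(?:\.href)?\s*=\s*["']([^"']+)["']"""
    r"""|location\.(?:replace|assign)\(\s*["']([^"']+)["']""", re.I)

def same_site(host, trusted):
    """True if host is the trusted domain (lowercase) or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

class EmbedFinder(HTMLParser):
    """Collects the URLs a page frames or redirects to from inline script."""
    def __init__(self):
        super().__init__()
        self.targets, self._in_script = [], False

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in ("iframe", "frame") and src:
            self.targets.append(("iframe", src))
        self._in_script = (tag == "script")

    def handle_endtag(self, tag):
        self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            for m in JS_REDIRECT.finditer(data):
                self.targets.append(("script-redirect", m.group(1) or m.group(2)))

def off_site_targets(page_url, html, trusted):
    """Return (kind, absolute_url) for each frame or redirect that leaves `trusted`."""
    finder = EmbedFinder()
    finder.feed(html)
    finder.close()
    found = []
    for kind, raw in finder.targets:
        url = urljoin(page_url, raw)          # resolve relative and //host URLs
        host = urlsplit(url).hostname
        if host and not same_site(host, trusted):
            found.append((kind, url))
    return found

# Constructed sample pages: one per variant described above.
SAMPLE_IFRAME = '<iframe src="http://login-check.example/verify"></iframe><iframe src="/plugins/like.php"></iframe>'
SAMPLE_SCRIPT = '<script>window.location = "http://account-review.example/fb";</script>'
```

Any non-empty result for a page reached through a trusted-domain link is a reason to score the message as suspicious rather than to pass it on the strength of the link's hostname.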
In addition, Facebook recommends that users ignore such phishing mails.
Facebook also explains that a phishing mail will usually contain spelling and grammatical mistakes, whereas companies spend a huge amount of time making sure their messages are conveyed perfectly. Also, users should not click the attached link, and should install security software immediately.
» SPAMfighter News - 13-12-2010