Facebook phishing attack sweeps social network users

18 March 2010

An attack that scammed Facebook users into divulging their passwords was the sixth most popular piece of malware on the internet this week, according to McAfee.

The attack, which McAfee highlighted in its consumer threat alert on Wednesday, uses a classic email spoofing technique, in which scammers send email purporting to be from Facebook. However, whereas conventional phishing attacks simply invite users to visit a fake website to 'confirm' their login credentials, this mail is designed to infect a computer and harvest more than just the account information for a single social networking service. It tells a Facebook user that their password has been reset, and that they should click on an attachment to receive it.

"Once installed, the password stealer can potentially access any username and password combination utilized on that computer, not just for the user's Facebook account," said McAfee in a statement.

"Facebook would never send an email alerting a user that they changed his or her password," McAfee continued. "Another clue that can signal a user has received a spam email is the use of poor grammar and awkward phrases."

The attack could potentially harvest everything from passwords for other social networks through to online banking credentials, making it particularly insidious for Facebook's base of over 400 million users.

A global map showing where the scam was targeting Facebook users indicated that North America, Europe, Australia, New Zealand and parts of southeast Asia were particularly heavily hit. Russia seemed to escape relatively unscathed.

McAfee said that its own customers were protected against the scam.

Facebook warned about the email scam briefly on its security blog this week, reiterating that it would never make such requests via email.
