Phishers continue to wage war on Facebook, Twitter

Share this article:
Facebook and Twitter continue to battle phishers trying to swipe the login credentials of its hundreds of millions of users.

The latest Facebook scheme, which made the rounds starting Wednesday, delivers messages to users that appear to come from their friends. The correspondences, however, are being sent by fraudsters from hijacked accounts. The messages contain links to websites -- such as areps[dot]at and kirgo[dot]at -- that attempt to mimic the Facebook login page, with the hope that potential victims would assume they were logged out and must re-enter their credentials.

A similar ploy occurred this week on Twitter. Graham Cluley, Sophos' senior technology consultant, said in a blog post Thursday that crafty scammers have created a fake Twitter login page at tvviter[dot]com. Not only is the page content designed to replicate the legitimate Twitter home page, but the two "v"s in the URL are meant to look like a "w," if a user happens to glance at the address bar.

Zulfikar Ramzan, in a post on Symantec's Security Response Blog, said criminals prefer phishing attacks because they are easy to perpetrate and can reach so many people.

"In some cases, social networking sites have even trumped financial services sites in the phishing popularity stakes," Ramzan said. "One reason, I believe, for this trend is that phishers have come to better appreciate the impact of using social context within their attacks...After all, if I receive a message purporting to be from a 'friend,' then I'm much more likely to give that message more attention and potentially follow any instructions it contains."

Users can protect themselves by running an updated browser, such as Internet Explorer 8 or Firefox 3, which contains a phishing blacklist, Ryan McGeehan, an incident response manager on Facebook's security team, wrote in a blog post earlier this month. In addition, they should use different login information at each website they visit to prevent stolen credentials from being used to grant a criminal access somewhere else, he said.

A Facebook spokesman told SCMagazineUS.com on Friday that the company has blocked links to the latest phishing sites from being shared on Facebook and is resetting the passwords of victims. The attack impacted a "tiny fraction" of a percent of users, he said.


Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.