Phishers continue to wage war on Facebook, Twitter

Share this article:
Facebook and Twitter continue to battle phishers trying to swipe the login credentials of its hundreds of millions of users.

The latest Facebook scheme, which made the rounds starting Wednesday, delivers messages to users that appear to come from their friends. The correspondences, however, are being sent by fraudsters from hijacked accounts. The messages contain links to websites -- such as areps[dot]at and kirgo[dot]at -- that attempt to mimic the Facebook login page, with the hope that potential victims would assume they were logged out and must re-enter their credentials.

A similar ploy occurred this week on Twitter. Graham Cluley, Sophos' senior technology consultant, said in a blog post Thursday that crafty scammers have created a fake Twitter login page at tvviter[dot]com. Not only is the page content designed to replicate the legitimate Twitter home page, but the two "v"s in the URL are meant to look like a "w," if a user happens to glance at the address bar.

Zulfikar Ramzan, in a post on Symantec's Security Response Blog, said criminals prefer phishing attacks because they are easy to perpetrate and can reach so many people.

"In some cases, social networking sites have even trumped financial services sites in the phishing popularity stakes," Ramzan said. "One reason, I believe, for this trend is that phishers have come to better appreciate the impact of using social context within their attacks...After all, if I receive a message purporting to be from a 'friend,' then I'm much more likely to give that message more attention and potentially follow any instructions it contains."

Users can protect themselves by running an updated browser, such as Internet Explorer 8 or Firefox 3, which contains a phishing blacklist, Ryan McGeehan, an incident response manager on Facebook's security team, wrote in a blog post earlier this month. In addition, they should use different login information at each website they visit to prevent stolen credentials from being used to grant a criminal access somewhere else, he said.

A Facebook spokesman told SCMagazineUS.com on Friday that the company has blocked links to the latest phishing sites from being shared on Facebook and is resetting the passwords of victims. The attack impacted a "tiny fraction" of a percent of users, he said.


Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

ISSA tackles workforce gap with career lifecycle program

ISSA tackles workforce gap with career lifecycle program ...

On Thursday, the group launched its Cybersecurity Career Lifecycle (CSCL) program.

Amplification DDoS attacks most popular, according to Symantec

Amplification DDoS attacks most popular, according to Symantec

The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August.

Court shutters NY co. selling security software with "no value"

A federal court shut down Pairsys at the request of the Federal Trade Commission.