Phishers continue to wage war on Facebook, Twitter

Facebook and Twitter continue to battle phishers trying to swipe the login credentials of their hundreds of millions of users.

The latest Facebook scheme, which made the rounds starting Wednesday, delivers messages to users that appear to come from their friends. The correspondences, however, are being sent by fraudsters from hijacked accounts. The messages contain links to websites -- such as areps[dot]at and kirgo[dot]at -- that attempt to mimic the Facebook login page, with the hope that potential victims would assume they were logged out and must re-enter their credentials.

A similar ploy occurred this week on Twitter. Graham Cluley, Sophos' senior technology consultant, said in a blog post Thursday that crafty scammers have created a fake Twitter login page at tvviter[dot]com. Not only is the page content designed to replicate the legitimate Twitter home page, but the two "v"s in the URL are meant to look like a "w," if a user happens to glance at the address bar.
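The look-alike trick described above can be checked for mechanically. The following is an added example, not code from the article or from any vendor it mentions; the brand list, the confusable table and all function names are assumptions chosen for illustration.

```python
import re

# Assumed list of brand labels to protect (hypothetical; extend as needed).
PROTECTED = ("twitter", "facebook")

# Character sequences that render like another letter in many fonts, plus
# common digit-for-letter swaps. "vv" -> "w" is the trick described above.
CONFUSABLES = [("vv", "w"), ("rn", "m"), ("cl", "d"), ("0", "o"), ("1", "l")]

def refang(host: str) -> str:
    """Turn a defanged name such as 'tvviter[dot]com' into 'tvviter.com'."""
    return re.sub(r"\[dot\]|\[\.\]", ".", host.strip().lower())

def skeleton(label: str) -> str:
    """Collapse look-alike sequences so visually similar labels compare equal."""
    for fake, real in CONFUSABLES:
        label = label.replace(fake, real)
    return label

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(host: str, max_distance: int = 1):
    """Return the protected brand this host imitates, or None."""
    labels = refang(host).split(".")
    # Assumption: single-part TLD, so the registrable label is second to last.
    name = labels[-2] if len(labels) >= 2 else labels[0]
    if name in PROTECTED:
        return None  # the exact brand label itself is not an imitation
    folded = skeleton(name)
    for brand in PROTECTED:
        if edit_distance(folded, brand) <= max_distance:
            return brand
    return None

if __name__ == "__main__":
    # Domains as reported in the article, plus one constructed sample (faceb00k.com).
    for host in ("tvviter[dot]com", "areps[dot]at", "kirgo[dot]at", "faceb00k.com"):
        print(host, "->", lookalike_of(host))
```

The two Facebook phishing domains named earlier do not imitate a brand label, so a similarity check like this returns nothing for them; catching those depends on URL blacklists and link blocking.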

Zulfikar Ramzan, in a post on Symantec's Security Response Blog, said criminals prefer phishing attacks because they are easy to perpetrate and can reach so many people.

"In some cases, social networking sites have even trumped financial services sites in the phishing popularity stakes," Ramzan said. "One reason, I believe, for this trend is that phishers have come to better appreciate the impact of using social context within their attacks...After all, if I receive a message purporting to be from a 'friend,' then I'm much more likely to give that message more attention and potentially follow any instructions it contains."

Users can protect themselves by running an updated browser, such as Internet Explorer 8 or Firefox 3, which contains a phishing blacklist, Ryan McGeehan, an incident response manager on Facebook's security team, wrote in a blog post earlier this month. In addition, they should use different login information at each website they visit to prevent stolen credentials from being used to grant a criminal access somewhere else, he said.

A Facebook spokesman said on Friday that the company has blocked links to the latest phishing sites from being shared on Facebook and is resetting the passwords of victims. The attack impacted a "tiny fraction" of a percent of users, he said.
