Scam sites increasingly masquerading as Facebook, MySpace

Cybercriminals are tapping into the popularity of social networking to more effectively craft their scams.

Increasingly, scam sites use domains that include the names Facebook, MySpace and Twitter but have no connection to the real sites. By using this tactic, called “domain-name cloning,” cybercriminals are making their scam sites appear to be affiliated with these popular social networking sites. Websites with names such as unblock.facebookproxy.com, buy.viagra.twitter.1234.com or hotbabesofmyspace999.com often are phishing websites designed to lure users into handing over sensitive information or downloading malicious code, Jay Liew, security researcher for Websense Labs, told SCMagazineUS.com on Thursday. More than 200,000 phony copycat sites using the terms Facebook, MySpace or Twitter in their URLs have been identified.

This problem may be heightened by a lack of user education, Liew said. Because users are accustomed to looking at websites with the words Facebook, MySpace or Twitter in the URL, it's natural to think those sites are safe.
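As an added illustration (not code from the article or from Websense), the check below treats a brand name in a hostname as meaningless unless the hostname is the brand's own domain or a subdomain of it, and flags everything else that carries the name as a lookalike. The official-domain list and the function names are assumptions made for this example; the first three sample hostnames are the ones quoted above, the rest are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the brands' official domains (the article does not list them).
OFFICIAL = {
    "facebook": "facebook.com",
    "myspace": "myspace.com",
    "twitter": "twitter.com",
}

def hostname_of(value):
    """Accept a bare hostname or a full URL and return a normalized hostname."""
    if "://" not in value:
        value = "//" + value          # lets urlsplit parse a bare hostname
    host = urlsplit(value).hostname or ""
    return host.rstrip(".").lower()   # drop a trailing root dot, fold case

def classify(value):
    """Return (verdict, brand): 'official', 'lookalike' or 'unrelated'."""
    host = hostname_of(value)
    # Official only if the host IS the brand domain or ends with ".<domain>".
    # The leading dot matters: "notfacebook.com" must not pass as facebook.com.
    for brand, domain in OFFICIAL.items():
        if host == domain or host.endswith("." + domain):
            return ("official", brand)
    # The brand string appears somewhere else in the name: cloned domain.
    for brand in OFFICIAL:
        if brand in host:
            return ("lookalike", brand)
    return ("unrelated", None)

SAMPLES = [
    "unblock.facebookproxy.com",        # from the article
    "buy.viagra.twitter.1234.com",      # from the article
    "hotbabesofmyspace999.com",         # from the article
    "https://WWW.Facebook.com./login",  # constructed: real domain, odd casing
    "facebook.com.login.example",       # constructed: brand domain as a prefix
    "example.org",                      # constructed: no brand at all
]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict, brand = classify(sample)
        print(f"{sample:35} {verdict:10} {brand or '-'}")
```

A plain substring match will also flag unrelated names that happen to contain a brand string, so a filter built on this would route lookalike verdicts to review rather than block them outright.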

Many of the domains are proxy avoidance sites that are used to evade traditional web filtering technology, Websense found when analyzing this threat. Liew added that there are a few legitimate proxy avoidance sites, but the majority are operated by scammers who are up to no good and could be stealing usernames and passwords or infecting people with malware, he said.

Some of the scam sites even look like legitimate social networking website login screens, aiming to trick users into handing over their usernames and passwords. Liew said these websites are often part of a phased exploit in which diligent cybercriminals turn website credentials into hard cash.

Liew said that at first cybercriminals use the fake social networking phishing site to obtain usernames and passwords. Then they use compromised social networking accounts to send out malicious links to websites that install malware on users' systems. Next, they wait for an infected user to check their bank account online -- to capture banking credentials. Finally, they log into the user's banking site, and transfer money into an offshore account.

Late last month, Facebook said it had put the brakes on a phishing wave that was trying to dupe members into divulging their login credentials. Phishers sent messages to Facebook users that appeared to come from their "friends" on the site. However, the scammers actually had hacked those accounts, giving them the ability to send messages and impersonate the victim.
