The latest Facebook scheme, which made the rounds starting Wednesday, delivers messages to users that appear to come from their friends. The messages, however, are being sent by fraudsters from hijacked accounts. They contain links to websites -- such as areps[dot]at and kirgo[dot]at -- that mimic the Facebook login page, in the hope that victims will assume they have been logged out and must re-enter their credentials.
A similar ploy occurred this week on Twitter. Graham Cluley, Sophos' senior technology consultant, said in a blog post Thursday that crafty scammers have created a fake Twitter login page at tvviter[dot]com. Not only is the page content designed to replicate the legitimate Twitter home page, but the two "v"s in the URL are meant to look like a "w," if a user happens to glance at the address bar.
Zulfikar Ramzan, in a post on Symantec's Security Response Blog, said criminals prefer phishing attacks because they are easy to perpetrate and can reach so many people.
"In some cases, social networking sites have even trumped financial services sites in the phishing popularity stakes," Ramzan said. "One reason, I believe, for this trend is that phishers have come to better appreciate the impact of using social context within their attacks...After all, if I receive a message purporting to be from a 'friend,' then I'm much more likely to give that message more attention and potentially follow any instructions it contains."
Users can protect themselves by running an updated browser, such as Internet Explorer 8 or Firefox 3, both of which include a phishing blacklist, Ryan McGeehan, an incident response manager on Facebook's security team, wrote in a blog post earlier this month. In addition, they should use different login information at each website they visit, so that credentials stolen from one site cannot be used to grant a criminal access somewhere else, he said.
A Facebook spokesman told SCMagazineUS.com on Friday that the company has blocked links to the latest phishing sites from being shared on Facebook and is resetting the passwords of victims. The attack impacted a "tiny fraction" of a percent of users, he said.