Phishing isn’t new, and it isn’t even new to Facebook. But recently, there seems to be a wave of phishing activity soaking the popular social networking site. The consequences of phishing are real. Just last week, a friend of mine wired her friend a few thousand dollars after receiving an alarming message from her on Facebook requesting that money be sent urgently to get her out of a very serious problem. The only problem was that her friend never sent the message and never received the money. The scam was accomplished. But how?
Basically, the new Facebook phishing scam works like this.
- You receive an email, IM or Skype message that prompts you to visit a site that you think is associated with Facebook. I mean, it looks like a Facebook login page after all. Unfortunately, it is just a page masquerading as Facebook so that you are willing to enter your login details.
- With your login information, the phishers log in to your Facebook account (usually changing the password to take control of the page from you completely) and use your identity to influence your friends.
- From there, they can send your friends private messages and start running all sorts of scams.
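As an added example (not part of the original post), here is one way to check where a link really leads before trusting a login page, using the same URL parser that browsers use. The trusted list and the sample links are assumptions constructed for illustration; fbstarter.com and fbaction.net are the domains named in the report quoted later in this post.

```javascript
// Added example: decide whether a link really points at Facebook.
// TRUSTED is an assumption for this sketch, not an official list.
const TRUSTED = ["facebook.com"];

function classifyLink(link) {
  let url;
  try {
    url = new URL(link); // WHATWG URL parser, as used by browsers
  } catch {
    return { verdict: "invalid", host: null, reasons: [] };
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return { verdict: "invalid", host: null, reasons: [] };
  }
  // hostname is lowercased, excludes any user:pass@ prefix, and has
  // internationalised names converted to punycode (xn--...).
  const host = url.hostname.replace(/\.$/, "");
  // Exact match or a true subdomain; "notfacebook.com" must not pass.
  if (TRUSTED.some(d => host === d || host.endsWith("." + d))) {
    return { verdict: "facebook", host, reasons: [] };
  }
  // Not Facebook: record what makes the link look like it anyway.
  const reasons = [];
  if (url.username || url.password) reasons.push("userinfo-before-@");
  if (host.split(".").some(l => l.startsWith("xn--"))) reasons.push("punycode");
  if (/facebook|(^|[.-])fb/.test(host)) reasons.push("brand-in-hostname");
  return { verdict: "not-facebook", host, reasons };
}

// Constructed sample links (illustrative only).
const SAMPLES = [
  "https://www.facebook.com/login.php",
  "http://fbstarter.com/login",
  "http://fbaction.net/",
  "https://www.facebook.com@login.example/",
  "https://facebook.com.account-check.example/login",
  "https://notfacebook.com/",
  "https://f\u0430cebook.com/", // Cyrillic "a" in place of Latin "a"
];
for (const s of SAMPLES) {
  const r = classifyLink(s);
  console.log(r.verdict.padEnd(13), r.host, r.reasons.join(","));
}
```

Only the first sample is classified as Facebook; the rest are flagged with the reason they resemble it.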
The reason why phishing on social networking sites like Facebook is so effective is that the scammers can take advantage of the established trust between friends. Marketers leverage this trust, albeit in more legitimate ways, all the time. Email marketers develop robust forward-to-a-friend (FTAF) strategies. Word of Mouth (WOM) marketing campaigns are designed completely around the value of ideas spreading from friend to friend. There is no substitute for the value of a friend’s recommendation.
So, if you receive a message of any sort telling you that:
- “somebody blogged something bad about you, go login to see what they said…”, or
- “hey, did you see your profile picture on this website?…”, or
- “hey, login to this facebook page to get a free Macy’s card…”, or
- “there’s this friend of mine on Facebook who thinks you’re really cool, visit their profile at …”
… beware
When phishing meets social networking, the problems spread much faster. It’s like the scammers walk into a room full of dominoes stacked up – they just need to knock the first one before the others become very vulnerable. That’s why, although phishing isn’t a new phenomenon, it is a bit more serious today as we are all much more closely connected through online social networks.
“…in the latest attack, messages that link to the website fbstarter.com or fbaction.net are “phishing scams”, which take the user to a credible-looking website that is in fact a facade: like the buildings in a Western film, there’s nothing behind them but a system recording the details that are supplied, enabling criminals to use them. Given a user’s name and password, anyone can log in as that person, change their password and send on the same phishing message to the victim’s friends.
Taking control of the Facebook profile is a staging post. The overall purpose is to eventually send out links to malicious software that can take control of people’s computers and compromise bank accounts and credit card details…”
The consequences of phishing can be very serious. Just ask my friend.
Comments
One Response to “Phishing on Facebook”
Interesting site, but many advertisements on it. Shall read by subscription, RSS.