By Suzanne Choney
A Facebook e-mail phishing scheme was discovered early Thursday among users of the popular social networking site who may have inadvertently clicked on a fraudulent Web link included in a Facebook message to them.
The bogus link took users out of and away from the real Facebook to a fake Facebook site, where they were asked to log in again, giving their passwords, which may have been captured by those behind the scheme.
Facebook said e-mails with the fake link were blocked within the first few hours of being sent out, and that those who may have fallen for the ruse have had their passwords automatically re-set “so that any data the bad guys have becomes useless very quickly,” said company spokesman Barry Schnitt.
Users who did bite on the phishing lure will receive an e-mail from Facebook notifying them that their passwords have been re-set.
One version of the e-mail went like this: “Richard sent you a message. Subject: Hello. “Check 121.im” with “121.im” as a Web link and fake Facebook page.
The phishing scam grew rapidly because accounts that were compromised “immediately sent out hundreds of messages, all with the same content, with the same link,” Schnitt said. He said it is “too early to tell” how many of Facebook’s 200 million users were affected by the scam.
“We blocked the (fake) URL and that messages that were being sent,” he said. “Then we went into inboxes and walls and deleted that content…Even if you (now have) one of these messages in your account, by the time you try to go to it, it will either be deleted, or when you click on the URL, it won’t take you anywhere.”
Schnitt urged users to make sure their Web browsers are updated to help flag and even block phishing Web sites.
“The other thing they should be is generally suspicious,” he said. “Why is my friend sending me this link, why is my friend using broken English, what is this URL? Those are red flags. Those URLs (Web site addresses) weren’t common URLS. Those should all be red flags for users.”
“People are too quick to click,” said Mary Landesman, senior security researcher for ScanSafe, which provides Web security as a service to businesses.
Some employers have banned the use of Facebook in the workplace, and Landesman says there’s good reason for that.
“I don’t want to say there’s no legitimate business reason to use Facebook, but by and large, it is a non-business application and is being used for non-business purposes,” she said. “And if you have employees at work that are accessing Facebook that fall for one of these e-mails, which could include a worm and infect the computer, then it becomes the enterprise’s problem because they have malware on their computers.
“I don’t want to sound harsh, saying ‘Trust no one,’ but as Web users we have to have a more critical eye, a more discerning eye on what we click on,” Landesman said.
Facebook and other social networking sites, including MySpace, have had previous problems with malware on occasion.
Facebook recently chose the MarkMonitor enterprise security firm to supplement its own security efforts. MarkMonitor noted last month that “social utility leaders such as Facebook can be prime targets for malware attacks due to the brand’s strong appeal which can be used to trick users into being infected and the ability to use the communication platform as a distribution channel.”
