It looks like some folks out there are using a page on Facebook to launch a phishing attack on your Facebook credentials. A page on Facebook seems to redirect you to a URL defined in the query string. Julie and I have both received emails like the one on the right of this page. They appear to come from Facebook, and contain a link that looks something like this.

[Image: Sample email]

http://www.facebook.com/l.php?u=http://www.jeffballweg.com

The part after the “?u=” can be any URL on the internet, so, in this case, if you click on the link above you’ll be presented with a Facebook page that warns you that you’ll be leaving Facebook and heading to my home page. Of course, my link will cause you no harm – but since you can be redirected anywhere, the actual attack that’s circulating will redirect you to a malicious website.

For the uninitiated, here’s how phishing works: I make a website called www.myTotallyFakeFacebookPage.com and I make it look exactly like the real Facebook. Then I get your email address somehow, either by getting it from someone else or straight spamming it out there. I send you an email that looks just like the emails that Facebook sends, but the link is something like http://www.facebook.com/l.php?u=http://www.myTotallyFakeFacebookPage.com/passwordStealer.php. OK, you’re at work thinking you’re about to see videos of goats falling over, so you click “Continue” on Facebook’s warning page and you’re forwarded to my site. My site then asks you for your Facebook credentials, which you enter because you appear to be on the real Facebook, and I’ve got your password. I then use your credentials to get your name and your friends’ email addresses and repeat the scheme.
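As an added example (my own code, not Facebook's and not part of the original post), here is a small Python check that a mail filter or a cautious reader could run over a message body: it pulls out every link, and for any facebook.com/l.php redirector it reads the u= parameter and reports where you would actually land. The sample email body is constructed for the demo.

```python
import re
from urllib.parse import urlparse, parse_qs

# The redirector described in the post: facebook.com/l.php?u=<anything>.
REDIRECTOR_HOSTS = {"facebook.com", "www.facebook.com"}
REDIRECTOR_PATH = "/l.php"

def is_facebook_host(host):
    """True for facebook.com and its subdomains. Lookalike names such as
    'mytotallyfakefacebookpage.com' fail the suffix test."""
    return host is not None and (host == "facebook.com" or host.endswith(".facebook.com"))

def classify_link(link):
    """Classify one URL found in a message. Returns (verdict, target_host):
      'direct'    - not an l.php redirector; target_host is the link's own host
      'internal'  - l.php whose u= stays on facebook.com
      'external'  - l.php whose u= leaves facebook.com (what the phish relies on)
      'malformed' - l.php with no usable u= parameter"""
    parsed = urlparse(link)
    if parsed.hostname not in REDIRECTOR_HOSTS or parsed.path != REDIRECTOR_PATH:
        return "direct", parsed.hostname
    targets = parse_qs(parsed.query).get("u")
    target_host = urlparse(targets[0]).hostname if targets else None
    if target_host is None:
        return "malformed", None
    return ("internal" if is_facebook_host(target_host) else "external"), target_host

URL_RE = re.compile(r"""https?://[^\s<>"']+""")

def external_redirects(message_text):
    """Return the off-Facebook hosts reached through l.php links in a message body."""
    hosts = []
    for link in URL_RE.findall(message_text):
        verdict, host = classify_link(link)
        if verdict == "external":
            hosts.append(host)
    return hosts

# Constructed sample message body (not a real phish), shaped like the mail in the post.
SAMPLE_EMAIL = """Hi Jeff,
You have a new message waiting on Facebook.
http://www.facebook.com/l.php?u=http://www.myTotallyFakeFacebookPage.com/passwordStealer.php
Or go to your home page: http://www.facebook.com/home.php
"""

if __name__ == "__main__":
    print(external_redirects(SAMPLE_EMAIL))  # ['www.mytotallyfakefacebookpage.com']
```

Note that the suffix test is what matters: a hostname merely containing the word "facebook" still counts as external.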

Technically, Facebook hasn’t done anything wrong here, but whenever you make a page like this, there is bound to be someone that will come up with this kind of use for it.

Max Kelly, head of Facebook security, wrote a post about spam recently, but hasn’t mentioned phishing since his post on August 7th. Facebook seems to have created a list of some of the potentially harmful websites, and the warning page says that the link may be malicious. Still, you’d have to be paying attention to avoid trouble.

Looks like this is the same thing that was making the rounds in August 2007, as noted here by TechCrunch. It looks like it’s undergone a few tweaks, because it’s resurfaced recently.


Reader Comments (2)

  • I loved the fainting goat video. That woman’s hairstyle was totally hot in 1990.

    -Julie 3 December, 2008 at 7:05 pm
  • oh man, I can watch those goats fall over again and again.

    -Jeff 13 December, 2008 at 3:18 am