
Facebook Phishing - Your Friends may have hacked accounts

Wed, Jan 2, 2008


I have been spending some time catching up on Facebook today and noticed that a few of my friends have Wall postings that include a URL that looks like it goes to a Facebook account. In reality it is a numerical Chinese domain name with subdomains tacked onto it to make it look like a Facebook URL.

An example is this one: http://www.facebook.com.profile.php.id.371233.cn

Some of the messages being posted through friends-of-friends accounts look like this:

“lol i cant believe these pics got posted….its going to be BADDDD when her boyfriend sees these- http://www.facebook.com.profile.php.id.371233.cn”

You’ll notice that the domain name is really 371233.cn and is made to look like a profile # page on facebook.com. The best solution is to tell your friends through a non-Facebook messaging system.
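As an added illustration (not code from the original post), this Python sketch shows the check behind that observation: a host name is read right to left, so a link belongs to facebook.com only if those are its rightmost labels. The `TRUSTED` list and the function names are assumptions made for the example; the sample message is the one quoted above.

```python
import re
from urllib.parse import urlsplit

TRUSTED = ("facebook.com",)  # assumption: domains the reader considers genuine
URL_RE = re.compile(r"https?://[^\s\"'<>\u201c\u201d]+")

def classify_link(url, trusted=TRUSTED):
    """Return (verdict, host); verdict is 'trusted', 'lookalike' or 'other'."""
    try:
        host = (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return "other", ""
    labels = host.split(".")
    wanted = [d.lower().split(".") for d in trusted]
    # DNS names are read right to left: the link is genuine only when the
    # trusted domain forms the rightmost labels of the host name.
    for want in wanted:
        if labels[-len(want):] == want:
            return "trusted", host
    # Lookalike: the trusted labels appear further left, as subdomains of
    # whatever domain the host name really ends in.
    for want in wanted:
        for i in range(len(labels) - len(want)):
            if labels[i:i + len(want)] == want:
                return "lookalike", host
    return "other", host

def scan_message(text, trusted=TRUSTED):
    """Return the hosts of lookalike links found in a wall post or message."""
    hits = []
    for url in URL_RE.findall(text):
        verdict, host = classify_link(url.rstrip(".,;:!?)"), trusted)
        if verdict == "lookalike":
            hits.append(host)
    return hits

if __name__ == "__main__":
    wall_post = ("lol i cant believe these pics got posted - "
                 "http://www.facebook.com.profile.php.id.371233.cn")
    print(scan_message(wall_post))
    print(classify_link("https://www.facebook.com/login.php"))
```

Comparing whole labels rather than using a plain string suffix match keeps a host such as `notfacebook.com` from being counted as trusted.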

This post was written by:

admin - who has written 221 posts on Scott Fish.



6 Comments For This Post

  1. Scott Hendison Says:

    Bummer - I’ve been waiting for the inevitable fake friend requests to start coming too, from Facebook, LinkedIn and others.

  2. Julio Says:

    I was hit, I sent the info to abuse@facebook.com

    Below is their answer but it was not from a hacked friend account. Someone that I did not know became my friend (I did not request or approve friendship) and posted on my wall. I saw his profile; I was his only friend. How did they do it to more people? It was the same message as Guy has above. Sounds like an internal FB problem.

    Thanks for providing this information for this issue, which we are currently investigating. Please only log into Facebook from http://www.facebook.com and https://www.facebook.com/login.php. If you feel that your account is not secure, please change your password immediately. Let me know if you have other questions.

    Thanks for contacting Facebook,

  3. admin Says:

    Thanks everyone that has brought this story to the attention of others.

    It looks like this story was picked up at Techcrunch.com and Wired.com + many more!

  4. Hussain Jaufar Says:

    I got caught in facebook phishing n lost my account

  5. Andy Says:

    I stupidly typed in my password and seconds later realised what I’d done. Argh! Changed password and set my status message to warn people.

  6. Dijkstra Says:

    Thank you for this article. I think we should all use https://www.facebook.com instead of http://www.facebook.com. HTTPS verifies SSL certificates, so to be secure always use https when providing user name and password.

1 Trackbacks For This Post

  1. Phishing For Facebook Says:

    [...] with a bunch of Facebook user account credentials, but phishing scams seem to be hitting the site. Scott Fish notes that some users are seeing Wall posts that contain links to phishing sites to gather Facebook [...]
