I have been spending some time catching up on facebook today and noticed that a few of my friends have WALL postings that include a url that LOOKS LIKE it goes to a facebook account. But in reality it is really a Numerical Chinese domain name that has subdomains tucked onto it to look like it’s a facebook url.
An example is this one: http://www.facebook.com.profile.php.id.371233.cn
Some of the messages being posted through friends of friends account look like this:
“lol i cant believe these pics got posted….its going to be BADDDD when her boyfriend sees these- http://www.facebook.com.profile.php.id.371233.cn”
You’ll notice that the domain name is reall 371233.cn and is made to look like a profile # page on facebook.com - The best solution it to tell your friends through a non-facebook messaging system.
January 2nd, 2008 at 5:04 pm
Bummer - I’ve been waiting for the inevitable fake friend requests to start coming too, from Facebook, Linked in and others
January 3rd, 2008 at 12:35 pm
I was hit, I sent the info to abuse@facebook.com
Below is their answer but it was not from a hacked friend account. Someone that I did not know became my friend (i did not request or approve friendship) and posted on my wall. I saw his profile; I was his only friend. How did they do it to more people? It was the same message as Guy has above. Sounds like an internal FB problem.
—
Thanks for providing this information for this issue, which we are currently investigating. Please only log into Facebook from http://www.facebook.com and https://www.facebook.com/login.php. If you feel that your account is not secure, please change your password immediately. Let me know if you have other questions.
Thanks for contacting Facebook,
January 3rd, 2008 at 4:52 pm
Thanks everyone that has brought this story to at attention of others.
It looks like this story was picked up at Techcrunch.com and Wired.com + many more!
June 9th, 2008 at 2:46 pm
I got caught in facebook phishing n lost my account
June 16th, 2008 at 5:32 am
I stupidly typed in my password and seconds later realised what I’d done. Argh! Changed password and set my status message to warn people.
June 26th, 2008 at 12:58 am
Thank you for this article. I think we should all use https://www.facebook.com instead of http://www.facebook.com https verifies SSL certificates so to be secure always use https when providing user name and password.