Facebook phishing scam posts dangerous links on friends' timelines…

A successful phishing scam has hit Facebook, fooling a substantial number of users into compromising their Facebook accounts.

The scam appears to cause a compromised account to post messages onto the timelines of its Facebook friends, along with a link in the comments section of each post. The content of the messages varies; a screenshot of one example is shown below –

hi-ya Do you save this picture !!!!
the link, hehe.. http://goo.gl/yZN-removed

(Other recent examples include…)

Check this foolish movieclip HaHa
The link… hehe http://Goo.gl..-removed
check out this silly woman
here’s the link hehe http://www.Goog.le/er-removed

Note that all of the links use the Google URL shortener.

Upon clicking the link, we were taken to a familiar sight – the Facebook login page. Only it wasn't the Facebook login page, but an external web page made to look like it (see below). This is a typical Facebook phishing scam, whereby users who enter their login information into the page unwittingly send it to scammers.


You can see from the web address that the domain is not Facebook.

For many users, all a scammer needs to compromise your account is your username and password. At this stage compromised accounts are also posting the same (or similar) messages onto the timelines of that account's friends, thus spreading the scam across Facebook.

Basically, the scam works like this –

1. User B notices that their friend, User A, has posted a message on their timeline and a link in the comments, like in the screenshot near the top of this article.
2. User B clicks the link and is presented with a spoof Facebook login page.
3. User B enters login information and is directed to another webpage (in our case we were just forwarded to Instagram) but behind the scenes that login information is sent straight to a scammer.
4. Likely with the help of automated software, scammers access User B's account to post similar messages and links to accounts that are friends with User B, which includes User C.
5. User C sees the post and link that appears to be sent by User B, and clicks the link… and the cycle continues.

Phishing scams often spring up on Facebook, highlighting the importance of educating yourself on how to spot and avoid them. Whilst one may be forgiven for clicking a link that appears on their timeline (after all, it appears to come from a friend), there is no excuse for entering your login information on a spoof website, which is the action that compromises your account.

Always check the web address (at the top of the browser) on a login screen to ensure it belongs to www.facebook.com. If the web address is different, the page does not belong to Facebook, and any information you enter into it is likely to be stolen.
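As an added illustration of that address check (example code, not part of the original article), the routine below reads an address the way the browser does, so that text which merely contains "www.facebook.com" is not mistaken for the real host; it goes beyond the article by accepting any facebook.com subdomain served over HTTPS (an assumption of this example) and by flagging two constructions that make a spoof address read as Facebook at a glance.

```python
from urllib.parse import urlsplit

# Assumption for this example: the login page is legitimate only when the host
# is facebook.com or one of its subdomains (www.facebook.com, m.facebook.com, ...)
# and the page is served over HTTPS.
LEGITIMATE_DOMAIN = "facebook.com"


def login_page_verdict(url):
    """Return (is_facebook, reason) for the address shown in the address bar.

    Note: a shortened link such as goo.gl/... cannot be judged by itself; apply
    this check to the address the browser shows once the login page has loaded.
    """
    # Some address bars hide the scheme; add one so the host parses correctly.
    if "://" not in url:
        url = "https://" + url
    parts = urlsplit(url)
    host = parts.hostname  # lower-cased, with any userinfo and port removed
    if not host:
        return False, "no hostname could be parsed from the address"
    # "https://www.facebook.com@evil.example/": everything before '@' is a
    # username, and the real host is what follows it.
    if parts.username is not None:
        return False, "'@' in address: the real host is %s, not the text before '@'" % host
    # Punycode labels (xn--...) render as non-ASCII look-alike characters.
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "internationalised hostname %s may be a look-alike" % host
    # "www.facebook.com.evil.example" ends in evil.example, not facebook.com:
    # the legitimate domain must be the whole host or its final labels.
    if host == LEGITIMATE_DOMAIN or host.endswith("." + LEGITIMATE_DOMAIN):
        if parts.scheme != "https":
            return False, "%s is Facebook, but the page is not served over HTTPS" % host
        return True, "%s belongs to %s" % (host, LEGITIMATE_DOMAIN)
    return False, "host is %s, which is not %s" % (host, LEGITIMATE_DOMAIN)


if __name__ == "__main__":
    # Constructed sample addresses (not the scam's real URLs) for demonstration.
    for sample in ("https://www.facebook.com/login.php",
                   "http://www.facebook.com.evil.example/login",
                   "https://www.facebook.com@evil.example/"):
        print(sample, "->", login_page_verdict(sample))
```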

(Remember, having up-to-date, reliable security software can block known phishing links sent through social media, such as our editors' choice software!)

If you believe you entered your login information onto a spoof website, it is important that you change your password immediately. It is also recommended to turn on login approvals, a form of two-factor authentication that prevents people from logging into your account from unknown devices unless they also have an SMS code that is sent to your phone. This can be enabled in your security settings.

For more information on Facebook phishing scams, including popular variants, click here.

Published by
Craig Haley