Issue 116 - July 2011 - Page 14
'New Way to Hack Your Face Book' Warning Message
Message circulating on Facebook warns users to watch out for notifications that say a friend has commented on your status because links in the notifications lead to a fake Facebook page that will steal login details.
There are no credible reports about a current phishing attack with the characteristics described in this "warning" message. Facebook's built-in notification system can no longer be exploited by phishing scammers in the way suggested in the warning. Thus, the message has no real merit as a warning. However, Facebook users should certainly be aware that scammers have often used bogus Facebook emails as a way of enticing people to hand over their login details on fraudulent websites designed to look like real Facebook pages.
Detailed analysis and references below example.
Last updated: 7th June 2011
First published: 7th June 2011
Article written by Brett M. Christensen
THERE IS A NEW WAY TO HACK YOUR FACE BOOK. A NOTIFICATION WILL BE SENT TO AND SAY THAT ONE OF YOUR FRIENDS HAS COMMENTED ON YOUR STATUS, IT WILL OPEN A NEW PAGE & TELL YOU TO RE-ENTER YOUR FACE BOOK USER NAME & PASSWORD. CAUTION!! THIS PAGE LOOKS JUST LIKE YOUR FACE BOOK LOGIN PAGE, SO BE ON THE LOOKOUT!! PLEASE RE-POST THIS!! BE AWARE FRIENDS :)
This urgent-sounding, ALL CAPS "hacker alert" has been circulating continually around Facebook since at least January, 2011. The message warns users of a "new way" to hack Facebook accounts. According to the message, you should watch out for Facebook notifications that inform you that a friend has commented on your status, because clicking the link in the notification will open a fake Facebook page designed to steal your login details. The message exhorts users to pass on the information to make others aware of the supposed new threat.
However, the message is too vague and misleading to have any real merit as a warning. Firstly, by its use of the word "notification", the warning implies that the malicious messages are being sent via Facebook's own onsite notification system. However, while at one point rogue Facebook applications could make malicious use of the Facebook notification system, this ability has long since been restricted. Thus, it is not possible for scammers to use Facebook's notification system for phishing attacks like the one described in the "warning".
Secondly, although the warning has now been circulating continually for several months, there are no credible security alerts about a phishing attack with the characteristics of the one described in the message. While the warning has popped up over and over again all across Facebook for months, no believable reports about actual instances of the supposed attack have surfaced.
Thus, sending on such outdated and inaccurate warnings will not help Facebook users stay secure. In fact, such pointless warnings do nothing more than clutter Facebook news feeds with even more useless information.
That said, users should certainly be aware that scammers have repeatedly used phishing attacks designed to steal their Facebook login details, and such attacks are likely to continue. Often, such attacks are conducted via phishing scam emails. The emails, which are designed to closely resemble genuine Facebook messages, try to entice recipients to follow a link. Those who do follow the links will be taken to a bogus website designed to look like the genuine Facebook login page. If a user proceeds to log in on the bogus site, scammers can then collect his or her login credentials and hijack his or her real Facebook account.
As a security precaution, Facebook users should be cautious of following links in emails even if they appear to be genuine Facebook messages. And, when logging on to Facebook, users should check the web address to make sure they are on the real Facebook site and not a fake, look-alike phishing site.
But, again, while Facebook phishing attacks are certainly real, sending on misleadingly inaccurate, hopelessly outdated and overly "urgent" warnings about them will do no good whatsoever. To have any merit as a security warning, a message needs to contain accurate, detailed, verifiable and up-to-date information. Otherwise, it is likely to do more harm than good.
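The address check recommended above can be made precise. The following is an added example, not part of the original article: it decides whether an address belongs to the real site by looking only at the host name, and rejects the usual look-alike forms. The function name, the sample addresses and the HTTPS requirement are assumptions of this example.

```python
from typing import Tuple
from urllib.parse import urlsplit

# Assumption for this example: the one domain accepted as the genuine site.
TRUSTED_DOMAIN = "facebook.com"


def check_login_url(url: str) -> Tuple[bool, str]:
    """Return (trusted, reason) for an address copied from the browser bar."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "address cannot be parsed"
    if parts.scheme != "https":
        # Assumption of this example: a login page must be served over HTTPS.
        return False, "not an https:// address"
    if parts.username is not None or parts.password is not None:
        # Anything before '@' is user info; the real host is what follows it.
        return False, "text before '@' is not the site name"
    if not host:
        return False, "no host name"
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        # Non-Latin letters can be visually identical to Latin ones.
        return False, "internationalised host name"
    if host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN):
        return True, "host is " + TRUSTED_DOMAIN + " or a subdomain of it"
    return False, "host is not under " + TRUSTED_DOMAIN


# Constructed sample addresses; none is taken from a real incident.
SAMPLES = [
    "https://www.facebook.com/login.php",
    "https://www.facebook.com.account-check.example/login.php",
    "https://www.facebook.com@login.example/",
    "https://www.f\u0430cebook.com/login.php",  # Cyrillic 'a' in the name
    "https://notfacebook.com/login.php",
    "http://www.facebook.com/login.php",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        trusted, reason = check_login_url(sample)
        print("OK    " if trusted else "REJECT", ascii(sample), "-", reason)
```

Only the first sample passes: the trusted name must be the end of the host name, preceded by a dot or by nothing, and not merely appear somewhere in the address.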
Facebook Account Update Phishing Scam Email