I received another beautiful phishing scam today. I’m used to receiving them as fake Paypal emails, fake Facebook emails or fake bank emails, but this was actually the first time I saw one within Facebook itself. Given that Facebook now has more than 600 million users, and that the site itself is incredibly viral, this kind of fraud could be amazingly successful. This is why I think we need to talk about it as much as possible, so we can educate as many people as we can.
So here is what happened. I received a notification from Facebook that someone had posted a message on my wall. A legitimate email: someone really did post on my wall. Then, a few seconds later, I received the very same email. Within a few seconds, the very same person had posted the exact same message on my wall. This is the first sign that should tell you something is wrong. Another interesting fact was that this person does not post on my wall very often. Second sign.
So I went to my Facebook wall, and here they were: the 2 identical messages:
Now, let’s look more closely at those messages. First, they look spammy: a generic message trying to make you curious, and insinuating that there would be photos of you in a weird situation. Of course, anyone would want to know!
Then, let’s look at the link. First, just under the link, we can see that it is a Facebook app: we can see apps.facebook.com. Putting my mouse over the link « Check your video out… », I can see in the status bar of my browser (bottom left) that it points to apps.facebook.com/crazynessright. So the name of the app is « crazynessright ». I took 3 seconds to google it. Nothing found. This is the third warning sign: if you develop a Facebook app, you will promote it on the web. If I cannot find any reference to a Facebook app on Google, then something is wrong. Note that apps.facebook.com is the real Facebook domain: what is rogue here is the app behind it, not the address.
But let’s click on the link anyway, just to see :-). When you do this, you are brought to the usual permissions window where you would have to give the application some permissions. But the interesting thing is that the window only stays there for a second, and then you are redirected to the masterpiece of this scam: the phishing page:
This page looks exactly like a typical Facebook login page, with the exception of one error. It’s funny how these guys are never able to get it perfectly right ;-). Look at the bottom left. It says « Facebook © 2010 ». We are in 2011, folks, and on the real Facebook it says 2011 ;-).
But the real way to easily find out that this is a scam: look at the address bar. ALWAYS look at the address bar. If you are on the real Facebook site, the domain name will be facebook.com: the part right before the first slash ends in facebook.com. A phishing login page will NEVER be on facebook.com, however perfect the copy of the page itself. Watch out for tricks like facebook.com.something-else.com, where the words facebook.com appear but the real domain is whatever comes last before the slash. And what do we have here? j48aj22la.com. Nice domain name, wouldn’t you say?
When you see this, close the window, and get back on the real Facebook site :-).
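To make the address-bar check concrete, here is an added example that is not part of the original post: a small Python helper that extracts the host the browser really connects to and decides whether it is facebook.com or a genuine subdomain of it. The sample addresses are constructed for illustration; only the hosts named in the post (www.facebook.com, apps.facebook.com, j48aj22la.com) come from it, the rest are common phishing tricks (facebook.com as a subdomain of the scammer’s domain, as a fake username before an @, in the path, or spelled with zeros). It also reflects the caveat above: apps.facebook.com passes, because it is the real domain, which says nothing about whether the app behind the link is trustworthy.

```python
from urllib.parse import urlsplit

# The only domain the real site lives on, as the post says.
LEGIT_DOMAIN = "facebook.com"


def browser_host(url: str) -> str:
    """Return the host the browser would actually connect to for this URL.

    Lower-cased, with any user:pass@ prefix, port and trailing dot removed,
    which is exactly the part of the address bar worth reading. Returns ""
    for anything that is not an http(s) URL (javascript:, data:, ...).
    """
    parts = urlsplit(url.strip())
    if not parts.scheme:
        # Pasted links often omit the scheme; browsers assume http.
        parts = urlsplit("http://" + url.strip())
    if parts.scheme.lower() not in ("http", "https"):
        return ""
    # .hostname already strips userinfo and port and lower-cases the name.
    return (parts.hostname or "").rstrip(".")


def is_on_facebook(url: str) -> bool:
    """True only if the host is facebook.com itself or a real subdomain of it.

    Searching for the string "facebook.com" anywhere in the URL is not
    enough: it can sit in the path, in a subdomain of the attacker's domain,
    or in a fake username before an @ sign.
    """
    host = browser_host(url)
    return host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN)


# Constructed sample addresses for illustration. Only the first three hosts
# appear in the post; the others are classic phishing tricks, not real sites.
SAMPLES = {
    "http://www.facebook.com/hacked": True,
    "http://apps.facebook.com/crazynessright": True,      # real domain, rogue app
    "HTTPS://WWW.FACEBOOK.COM/": True,                     # case does not matter
    "www.facebook.com/hacked": True,                       # scheme left out
    "http://j48aj22la.com/login.php": False,
    "http://facebook.com.j48aj22la.com/": False,           # facebook.com as a subdomain
    "http://www.facebook.com@j48aj22la.com/": False,       # facebook.com as a "username"
    "http://j48aj22la.com/www.facebook.com/login": False,  # facebook.com in the path
    "http://faceb00k.com/": False,                         # lookalike spelling
    "javascript:alert(1)": False,                          # not an http(s) URL at all
}


def check_samples() -> dict:
    """Run every sample through is_on_facebook and return url -> verdict."""
    return {url: is_on_facebook(url) for url in SAMPLES}


if __name__ == "__main__":
    for url, verdict in check_samples().items():
        label = "facebook.com    " if verdict else "NOT facebook.com"
        print(f"{label}  {url}")
```

The point of `browser_host` is that it reads the URL the way the browser does: `urlsplit(...).hostname` drops the `user@` part and the port, so the fake-username trick is exposed, and the suffix comparison on the whole host (not a substring search) is what defeats the facebook.com-as-a-subdomain trick.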
Now, what are they trying to achieve ?
Very good question. You see, most people, when they see a login screen that looks like a site they know, will intuitively enter their username and password. And of course, since it’s a scam, that hands your Facebook username and password to the criminal minds who developed this fraud. With this, they can do anything they want: send private messages to your friends, change your profile, and of course post on all your friends’ walls to try to get more victims…
What do I do if I did give them my username and password ?
Another excellent question. First of all, you should NOT do it again :-). Then, click on this link: http://www.facebook.com/hacked and follow the instructions. Facebook will walk you through securing your account, starting with a new password, so the crooks can do nothing more with it. While you are at it, remove the rogue application from the applications allowed on your account, since the link did pass through a permissions window on the way to the fake login page.
Hope it helps someone! Please share your comments below if you have any. Thanks!
Awesome article.