The more popular something is, the more people want to use it as a way to scam people. An example would be the recent swine flu related spam attacks, and now there are phishing scams that send Facebook users to fake login sites (today fbstarter.com, yesterday fbaction.net).
While fbaction.net has been taken down, go to fbstarter.com and it sure looks a lot like some sort of Facebook login page, doesn't it (see attached pic)?
What's happening is people are getting "Facebook messages" supposedly from other users that basically just say "Look at this" and have the link that takes them to fbstarter.com. Once you enter your username / password there, you've basically delivered your login credentials to the scammer.
Now, fbstarter.com sure looks suspiciously like fbaction.net. Personally, if you're alert to the important aspects of watching out for phishing, such as:
- Don't use links delivered in emails or IM to log in to any site
- If you do, make sure the site's URL looks like what you are expecting
- Email the site / organization / business in question if you are unsure
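The second check in the list above, written out as an added example (not part of the original post): it compares the host a link would actually connect to against the domain you expect, rather than judging by how the link looks. It assumes facebook.com is the only expected login domain; the sample links are constructed from the two domains named in this post.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain where a Facebook login is expected.
EXPECTED_DOMAINS = {"facebook.com"}


def login_host(url):
    """Return the hostname a browser would connect to, or None if unusable."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # drops any "user@" prefix and the port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    return host.rstrip(".").lower()


def is_expected_login_url(url, expected=EXPECTED_DOMAINS):
    """True only if the host is an expected domain or a subdomain of one."""
    host = login_host(url)
    if host is None:
        return False
    # Match on whole DNS labels: "notfacebook.com" and
    # "www.facebook.com.fbstarter.com" must both fail.
    return any(host == d or host.endswith("." + d) for d in expected)


def triage(urls):
    """Return (url, real host, verdict) for each link."""
    return [(u, login_host(u), is_expected_login_url(u)) for u in urls]


# Constructed sample links; only the first is on the expected domain.
SAMPLE_LINKS = [
    "https://www.facebook.com/login.php",
    "http://fbstarter.com/",
    "http://fbaction.net/",
    "http://www.facebook.com.fbstarter.com/login.php",  # expected name used as a subdomain
    "http://www.facebook.com@fbstarter.com/login.php",  # expected name in the user-info part
    "http://notfacebook.com/login.php",                 # expected name as a suffix only
]

if __name__ == "__main__":
    for url, host, ok in triage(SAMPLE_LINKS):
        print(f"{'OK     ' if ok else 'SUSPECT'}  host={host}  {url}")
```

Comparing whole domain labels is what matters here: a substring search for "facebook.com" would accept three of the constructed lookalike links.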
Of course, while some (not me) store credit card information in their Facebook account, most of the information for a credit card is redacted anyway (though I suppose a scammer could use your credit card to buy something on the site).
The main reason, I would think, that scammers would want your login info is because many people use the same login info everywhere. Definitely a bad idea, but something many people do.
If you've fallen for either of these phishing scams already, change your Facebook password immediately (if the scammers haven't already locked you out). And, if that's happened and it's the same password you use for your Amazon.com, eBay, or other types of accounts, you could be in big trouble.
Interested in learning about avoiding phishing scams? I wrote earlier about a free online game developed by Carnegie Mellon that teaches how to avoid them.