Updated: Phishing campaign launched against unsuspecting Facebook members

Chicago (IL) – An unspecified number of Facebook members have received malicious e-mails redirecting them to external websites. The sites, which included www.151.im, www.121.im and www.123.im, harvested user names and passwords after unsuspecting members supplied their Facebook login information upon request.

A Facebook spokesman told the New York Times that Facebook was “blocking links to new phishing sites, cleaning up phony messages and Wall posts and resetting the passwords of affected users.”

The latest phishing attack follows a similar campaign in late April, when members were bombarded with e-mails that redirected them to malicious websites resembling the Facebook login page.

A Facebook spokesperson told TG Daily that users should ensure their address bar is set to www.facebook.com “and nothing else” during the log-in process. In addition, the spokesperson encouraged Facebook members to be “very suspicious of any message, post or link” that requires an additional log-in.

“That should not happen,” said the spokesperson.

The popular social networking site has enlisted the help of MarkMonitor AntiFraud Solutions to help protect Facebook users against malware attacks. MarkMonitor reportedly adds spoofed URLs to their browser blacklists and works to get the sites taken down.

“The meteoric success of Facebook makes it a natural target for malware attacks that seek to capitalize on their trusted and recognizable brand,” explained Frederick Felman of MarkMonitor. “Our experience protecting Fortune 500 companies, as well as our close day-to-day interaction with Facebook’s own dedicated security team, allows us to expertly address Facebook’s concerns about malware and phishing, and to help protect their platform and their users from ongoing attacks.”

A Facebook spokesperson adds:

We’re aware of the attack and are already blocking links to these new phishing sites from being shared on Facebook. We’re also cleaning up phony messages and Wall posts and resetting the passwords of affected users. We think this is related to the fbaction.net/fbstarter.com campaign of a couple weeks ago.

Protect yourself by always following a few key rules of thumb when you’re online:

  • Use an up-to-date browser that features an anti-phishing black list. Some examples include Internet Explorer 8 or Firefox 3.0.10.
  • Use unique logins and passwords for each of the websites you use.
  • Check to see that you’re logging in from a legitimate Facebook page with the facebook.com domain.
  • Be cautious of any message, post or link you find on Facebook that looks suspicious or requires an additional login.

It is important that impacted users reset all accounts (not just Facebook) that use the same credentials. We believe the bad guys here are phishing an account and then trying those credentials on webmail providers. So, for example, if a user is compromised on Facebook and has the same login and password for their gmail, the attacker may be able to intercept the Facebook password reset and compromise the account again in the future. This is one of the reasons why people need unique passwords for their online accounts.

Become a fan of the Facebook Security Page for more updates on new threats as well as helpful information on how to protect yourself online.
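As an added illustration of the "facebook.com domain" rule above (example code written for this page, not Facebook's or MarkMonitor's), here is a host check that accepts only facebook.com and its subdomains and rejects the lookalike hosts named in the article, including links that place a legitimate-looking name before an `@`. The sample link list is constructed for the demonstration.

```python
from urllib.parse import urlsplit

# The only domain the spokesperson says should appear in the address bar.
LEGIT_DOMAIN = "facebook.com"


def is_facebook_login_url(url: str) -> bool:
    """Return True only when the URL's host is facebook.com or a subdomain of it.

    Rejects non-web schemes, empty hosts, lookalikes such as
    www.facebook.com.121.im (facebook.com is a prefix, not the registered
    domain) and user-info tricks such as www.facebook.com@www.123.im, where
    urlsplit() correctly reports the real host after the '@'.
    """
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https"):
        return False
    # .hostname is lowercased and has any port and user-info stripped.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False
    return host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN)


# Constructed sample links: one genuine login page plus the phishing hosts
# mentioned in the article, dressed up in the usual ways.
SAMPLE_LINKS = [
    "https://www.facebook.com/login.php",
    "http://www.151.im/",
    "http://www.facebook.com.121.im/login",
    "http://www.facebook.com@www.123.im/",
    "https://facebook.com.example/",
]


def classify(urls):
    """Map each URL to True (legitimate facebook.com host) or False."""
    return {u: is_facebook_login_url(u) for u in urls}


if __name__ == "__main__":
    for link, ok in classify(SAMPLE_LINKS).items():
        print("OK      " if ok else "SUSPECT ", link)
```

Only the first sample link passes; every other host is either a different registered domain or a lookalike that merely contains the string facebook.com.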