Facebook Phishing Scam in Full-Effect

(This post was originally drafted on 09-26-10)

Facebook has a new phishing scam to deal with, as hacking into the social network has become a booming business. This one is a phishing scam, using e-mails with the subject "Facebook password has been changed." Phishing scams are those which entice the mark into giving out account, or other personal, information through deceptions which usually indicate the user's account has been suspended, the password needs to be changed for some reason, or the like.

This particular scam bears an attachment. You should never download an attachment from someone you do not know -- actually, I've found it a better practice to just never download attachments you were not expecting, no matter who sent them, as many scams and viruses work by spamming the people found in the infected computer's address book.

This Facebook phishing scam began just one day after another, which used a method called "clickjacking" to do exactly that: Clog the infected user's e-mail accounts with spam and spam everyone in the target's address book.

While Facebook was aware of both scams, and posted them on its Security Page, few users are likely to have seen it -- or even know the site has a Security Page. As the Better Business Bureau (BBB) noted, scammers are targeting Facebook not only because it has so many users, but also because many are young, and many are gullible.

Walletpop has an excellent article on the subject, including the signs to look for when trying to determine if an e-mail is legitimate or not. The Cyberculturalist's advice here is: If it seems phishy or scammy, it probably is.

© C Harris Lynn, 2010