Phishing [Wikipedia] is nothing new. The bad guys have been spamming our inboxes for a long, long time hoping we'll click on some bogus link and provide them with important personal info like usernames, passwords, and credit card numbers.
Attacks like this rarely limit themselves to one avenue. So where do the bad guys go to find victims when they're not busy spamming? Why, the world's number one social networking site, of course!
Yep. Facebook, with its millions of users and juicy apps platform make it the perfect place for this type of vermin to set up shop. Trend Micro has found several phishing scams before that lured people to fake (but convincing) Facebook sites to harvest data. Now, however, they're doing it to you from the inside.
Trend researchers have discovered three applications so far that run on the Facebook apps platform. They can post notifications to your timeline, just like any legitimate app. The actual phishing is still done off-site, but the look is very, very convincing and you're returned to your Facebook profile afterward. It looks innocent enough, but once you've entered your credentials there's no telling what someone has planned for them.
Once Facebook receives notice that something like this is going on, the apps are typically shut down very quickly. They can, however, reappear with different names and the same old tricks.
How do you protect yourself? Many antivirus products include some element of phishing defense, but you may also want to use additional protection like WebOfTrust or AVG's LinkScanner. They'll notify you with big, read warnings when you're on a website that isn't trusted.
Apart from that, be careful what apps you install and make sure you only enter your Facebook username and password on Facebook.com. If the domain in your web browser's address bar doesn't match, exercise caution.
No comments:
Post a Comment