Facebook subject to second Phishing attack

Social network says attacks are commonplace

Facebook users have once again been hit by a phishing attack that aims to steal their login details.

This latest attack, which encourages users to enter their log-in credentials at a fraudulent site, has been active for two days and can be traced back to FBstarter.com, BAction.net and possibly others. The viral phishing infection then spreads via emails sent to all of a Facebook user's contacts.

Ryan McGeehan, threat analyst for Facebook, said phishing attacks are a fairly commonplace occurrence at the Facebook site, occurring every few weeks.

While he wasn't ready to release specific numbers concerning how many of Facebook's 200 million users may have been victimised by the latest round of scams, he said Facebook has taken firm steps to repel the attacks.

"We've seen attacks like these before," said McGeehan, whose job is to identify and respond to security events. "We expect them. It's nothing out of the ordinary."

Facebook users, he said, remain the front line of defence, typically notifying Facebook through the site's security page when phishing fraud appears to be underway.

Facebook then takes steps to "remove and clean" traces of the phishing by running a script. Users typically have to reset their passwords, too. Facebook also relies on security firm MarkMonitor to tackle clean-up at various servers as well as go after the domain registrars for the identified phishing sites to get them shut down.

Blacklists supplied to Microsoft and Google also help to block the phishing fraud sites at the browser level.

McGeehan said educating users about the threat remains one of the main ways to try to prevent phishing at Facebook. He said the phishing attacks that surge from time to time against Facebook and its users appear to be clearly oriented toward giving the attackers a way to make money via click-throughs for ads. When there are high volumes of phishing, it's easy to spot, but the tougher attacks are those that are more subtle, he said.

Network World
