Facebook users have once again been hit by a phishing attack that aims to steal their login details.
This latest attack, which encourages users to enter their log-in credentials at a fraudulent site, has been active for two days and can be traced back to FBstarter.com, BAction.net and possibly others. The viral phishing infection then spreads via emails sent to all of a Facebook user's contacts.
Ryan McGeehan, threat analyst for Facebook, said phishing attacks are a fairly commonplace occurrence at the Facebook site, occurring every few weeks.
While he wasn't ready to release specific numbers concerning how many of Facebook's 200 million users may have been victimised by the latest round of scams, he said Facebook has taken firm steps to repel the attacks.
"We've seen attacks like these before," said McGeehan, whose job is to identify and respond to security events. "We expect them. It's nothing out of the ordinary."
Facebook users, he said, remain the front line of defence, typically alerting Facebook through the site's security page when phishing fraud appears to be underway.
Facebook then takes steps to "remove and clean" traces of the phishing by running a script. Users typically have to reset their passwords, too. Facebook also relies on security firm MarkMonitor to tackle clean-up at various servers as well as go after the domain registrars for the identified phishing sites to get them shut down.
McGeehan said education of users about the threat remains one of the main ways to try to prevent phishing at Facebook. He said the phishing attacks against Facebook and its users that surge from time to time appear to be clearly oriented toward giving the attackers a way to make money via click-throughs for ads. When there are high volumes of phishing, it's easy to spot, but the tougher attacks are those that are more subtle, he said.