We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Facebook subject to second Phishing attack

Social network says attacks are commonplace

Facebook users have once again hit by a phishing attack that aims to steal their login details.

This latest attack, which encourages users to enter their log-in credentials at a fraudulent site, has been active for two days and can be traced back to FBstarter.com, BAction.net and possibly others. The viral phishing infection then spreads via emails sent to all of a Facebook user's contacts.

Ryan McGeehan, threat analyst for Facebook, said phishing attacks are a fairly commonplace occurrence at the Facebook site, occurring every few weeks.

While he wasn't ready to release specific numbers concerning how many of Facebook's 200 million users may have been victimised by the latest round of scams, he said Facebook has taken firm steps to repel the attacks.

"We've seen attacks like these before," said McGeehan, whose job is to identity and respond to security events. "We expect them. It's nothing out of the ordinary."

Facebook users, he said, remain the front line of defence, notifying Facebook that phishing fraud appears to be underway, typically by letting Facebook know about it through the site's security page.

Facebook then takes steps to "remove and clean" traces of the phishing by running a script. Users typically have to re-set their passwords, too. Facebook also relies on security firm MarkMonitor to tackle clean-up at various servers as well as go after the domain registrars for the identified phishing sites to get them shut down.

Blacklists supplied to Microsoft and Google also help to block the phishing fraud sites at the browser level.

McGeehan said education of users about the threat, remains one of the main ways to try and prevent phishing at Facebook. He said that it appears the phishing attacks against Facebook and its users that surge from time to time do appear to be clearly oriented to provide the attackers with a way to make money via click-throughs for ads. When there are high volumes of phishing, it's easy to spot, but the tougher attacks are those that are more subtle, he said.

Network World


IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

LED vs Halogen: Why now could be the right time to invest in LED bulbs

IDG UK Sites

Christmas' best ads: See great festive spots studios have created to promote themselves and clients

IDG UK Sites

Why Apple shouldn't be blamed for exploitation in China and Indonesia