Thursday, August 21, 2008

Facebook: Now with Wall Spam

So I do my rounds of checking email accounts this morning and find much to my surprise that I have some wall spam on my Facebook page.
hey everyone is talking about this site where you can get your 15 fav ringtones! check it out http://[URL]
I know the person and so I went to their page. Their recent activity shows these spam messages going out, all before 6am and all in the same minute.

The blogger URL, when checked, automatically redirects to [RINGTONE URL].

I checked a couple of other pages that the bot posted to, and other people had slight variations of the one sent to me, with the URL different every time.

I also noticed, immediately before one of the other wall posts, that there was likely a site that pretended to be Facebook at first glance. The phishing URL was phonetically quite similar to:
LOL! did you guys see what happened on the news today? check it out http://newvids.[URL].[PHISHING URL].com/
My guess is that more than one person logged into a fake site and provided their information to it, thinking at first glance they got booted from Facebook and needed to log back in. With that login info provided, the fake site started to send out spam on their behalf once it had access to their friends list. Not a difficult thing to do with a bit of social engineering. It doesn't happen on Facebook too often, but it is more a function of tricking people into logging into a fake site than a function of Facebook itself or any of the apps that people put on their page. It could happen anywhere.

It has been happening on the internets for more than a decade. This is the first time I have personally seen or heard of it on Facebook though. I guess my friends are generally a tech-savvy bunch who don't easily fall for those things. A quick Google search did, however, come up with some results, so it's not an isolated case or two. And it seems to be predominantly ringtones for some reason. Perhaps because, as Letterman might say, "the kids like their ringtones."

Be careful where you enter your usernames and passwords, whether it's Myspace, Facebook, or any site you need to log into. If, after clicking a link, it prompts you to log back in, really look at the URL in the address bar. Seeing facebooks, faycebook, fasebook, fakebook and so on means you are not in Kansas anymore.
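To make that address-bar check concrete, here is an added example (my own code, not anything from Facebook or the original post) that flags a login URL whose hostname either typo-squats a brand name, as faycebook and fakebook do, or buries the real brand as a subdomain of some other domain, as the newvids link above did. The brand list, the two-label public-suffix assumption and the sample URLs are constructed for illustration.

```python
# Added example (not from the original post): flag address-bar hostnames that
# imitate a known login site, the way "faycebook" or "fakebook" imitate "facebook".
# BRANDS, the suffix handling and the sample URLs are assumptions for this demo.
from urllib.parse import urlsplit

BRANDS = {"facebook", "myspace"}  # assumed list of sites the user logs into


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Second-level label of the host, e.g. 'facebook' for 'www.facebook.com'.
    Assumes a simple one-label public suffix such as .com (no co.uk handling)."""
    labels = host.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def classify_login_url(url: str) -> str:
    """Return 'ok', 'brand-in-subdomain', 'lookalike' or 'unknown' for a login URL."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    reg = registrable_domain(host)
    if reg in BRANDS:
        return "ok"  # the registrable domain really is the brand
    # Brand name used only as a subdomain label of some other registrable
    # domain, e.g. newvids.facebook.<other-domain>.com
    if any(lbl in BRANDS for lbl in labels[:-2]):
        return "brand-in-subdomain"
    # Typo-squat: within two edits of a brand name but not equal to it
    for brand in BRANDS:
        if levenshtein(reg, brand) <= 2:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for u in ("https://www.facebook.com/login", "http://faycebook.com/",
              "http://newvids.facebook.phish-example.com/", "http://example.com/"):
        print(u, "->", classify_login_url(u))
```

The two-edit threshold is deliberately tight; a longer brand list or a real public-suffix library would be the next step for anything beyond a demo.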


