Facebook hit by phishing attacks

For those who have an account with social networking site Facebook - take care not to click on messages urging you to "check this out". It could be a worm luring you to provide information.

The site has been hit by two phishing attacks on two consecutive days, with a worm prompting users to log on to a fake Facebook page, Facebook spokesman Barry Schnitt has said.

During the two attacks on Wednesday and Thursday, Facebook users got a message from a friend urging them to "check this out" that included a link to a Web page similar to the Facebook log-in page, CNN reported.

But that was a fake site aimed at stealing information of the users when they typed in their username and password, Schnitt said, adding that the worm also accessed the contact list of the user to send more infected links.

Schnitt said once they detected such a phishing attack, either by members notifying the company or employees noticing that a URL is being distributed to a lot of people, the company "deletes the URL from members' pages, blocks fresh postings, and removes the redirect to the URL that appears in e-mail messages".

The company has also alerted anti-fraud partner MarkMonitor, which passed the phishing URL to the major browsers to block it and contacted ISPs to take the site down, according to Schnitt.

He suggested that users should make sure that the URL they are visiting says "www.facebook.com". If it doesn't use that domain it's likely to be spam.

Also, members already logged on to Facebook will not be asked to log in again.

"People should have a healthy dose of suspicion, and ask themselves 'why did I get logged out?'" Schnitt said. "If something looks a little strange you should check the address bar."

First Published: May 02, 2009 01:13 IST