
Facebook phishing attack...which one of you did it lol

Discussion in 'BlackHat Lounge' started by vegasvillan, May 15, 2009.

  1. vegasvillan

    vegasvillan Regular Member

    I thought this was pretty funny and wanted to share

    A Facebook e-mail phishing scheme was discovered early Thursday among users of the popular social networking site who may have inadvertently clicked on a fraudulent Web link included in a Facebook message to them. The bogus link took users out of and away from the real Facebook to a fake Facebook site, where they were asked to log in again, giving their passwords, which may have been captured by those behind the scheme.


    Facebook said e-mails with the fake link were blocked within the first few hours of being sent out, and that those who may have fallen for the ruse have had their passwords automatically re-set "so that any data the bad guys have becomes useless very quickly," said company spokesman Barry Schnitt.


    Users who did bite on the phishing lure will receive an e-mail from Facebook notifying them that their passwords have been re-set.


    One version of the e-mail went like this: "Richard sent you a message. Subject: Hello. "Check 121.im" with "121.im" as a Web link and fake Facebook page.


    The phishing scam grew rapidly because accounts that were compromised "immediately sent out hundreds of messages, all with the same content, with the same link," Schnitt said. He said it is "too early to tell" how many of Facebook's 200 million users were affected by the scam.


    "We blocked the (fake) URL and the messages that were being sent," he said. "Then we went into inboxes and walls and deleted that content...Even if you (now have) one of these messages in your account, by the time you try to go to it, it will either be deleted, or when you click on the URL, it won't take you anywhere."


    Schnitt urged users to make sure their Web browsers are updated to help flag and even block phishing Web sites.


    "The other thing they should be is generally suspicious," he said. "Why is my friend sending me this link, why is my friend using broken English, what is this URL? Those are red flags. Those URLs (Web site addresses) weren't common URLS. Those should all be red flags for users."


    "People are too quick to click," said Mary Landesman, senior security researcher for ScanSafe, which provides Web security as a service to businesses.


    Some employers have banned the use of Facebook in the workplace, and Landesman says there's good reason for that.


    "I don't want to say there's no legitimate business reason to use Facebook, but by and large, it is a non-business application and is being used for non-business purposes," she said. "And if you have employees at work that are accessing Facebook that fall for one of these e-mails, which could include a worm and infect the computer, then it becomes the enterprise's problem because they have malware on their computers.


    "I don't want to sound harsh, saying 'Trust no one,' but as Web users we have to have a more critical eye, a more discerning eye on what we click on," Landesman said.


    Code:
    http://www.msnbc.msn.com/id/30749501/
     
  2. menaice

    menaice Regular Member

    no one is going to admit to that
     
  3. Vendetta

    Vendetta BANNED BANNED

    Yeah, man, pretty sure phishing is different than blackhat, and there are some things that people won't reveal unless they are absolutely, positively retarded.
     
  4. blackxxxer

    blackxxxer BANNED BANNED

    That's not blackhat, that's "hacking", two different things buddy.
     
  5. vegasvillan

    vegasvillan Regular Member

    I doubt anyone here did it...It was a joke and even if they did I know no one would admit it.

    I just thought it was an interesting read


    hahahahahahahahahahahaha
     
  6. laserblast

    laserblast Registered Member

    It baffles me that anyone still falls for the old "type in your password" shit.

    And I highly doubt anyone here was involved with it.
     
  7. rap8557

    rap8557 Jr. VIP Jr. VIP Premium Member

    maybe facebook just misunderstood it.. i think the sender is not trying to hack their account, maybe the email thing is a CPA email submit :eek:

    just a thought :D:D
     
  8. heiny

    heiny Regular Member

    Think what you could do with so many users.. but fuck me is Facebook tight with their security! No other social network is so quick on the trigger to remove links & reset passwords!!!