November 05, 2009Facebook Login Credentials Phishing
Here's a believable phishing message aimed at capturing Facebook accounts and username/password pairs to accomplish a variety of nastiness:
From: "Facebook" <firstname.lastname@example.org>
Subject: New login system
Dear Facebook user,
In an effort to make your online experience safer and more enjoyable, Facebook will be implementing a new login system that will affect all Facebook users. These changes will offer new features and increased account security.
Before you are able to use the new login system, you will be required to update your account.
Please click on the link below to update your account online now:
If you have any questions, reference our New User Guide.
The Facebook Team
It was easy for me to recognize this as a fake from the inbox listing because I'm one of the few remaining people on Earth who doesn't have a Facebook account. But even if you're a Facebook user, any email message that talks about security, logging in, or passwords should set your Suspicion switch to High. This carefully crafted message uses a long URL that looks to be to facebook.com — unless you understand how URLs work, in which case you'd see that the URL is actually to a .eu domain. Moreover, the URL and very Facebook-looking phishing page at the URL destination are wired to display your login name (email address) already filled into the login form — most likely just like a real Facebook login page.
Many malware followers wonder how any user could be fooled into yielding login credentials to a phisher, even after so much publicity about such attacks. This is how.