Facebook Phishing Scam

Facebook Phishing "Look at you haha:P" Scam

It was only a matter of time before phishing scams hit the walls of Facebook users. It all begins when a confirmed friend — whose account has been compromised — posts a link on another friend’s wall. When the unsuspecting user clicks on the link, they are logged out of Facebook and redirected to a different domain that looks just like the official Facebook site. Once the user logs in there, their username and password have been handed to the malicious site.

The app.facebook.com link logs you out

Don’t be a victim! This just happened a few minutes ago. As you can see in the first image above, the wall post links to http://apps.facebook.com/yourvideohah?qctt (don’t navigate to this site, by the way). Right from the start there was something fishy, or rather phishy, about the link. Video links usually come from youtube.com, not from apps.facebook.com. I clicked on it anyway just to see what it was, and sure enough, I was logged off and redirected to http://www.yoddle.net/media/index3.php (again, don’t navigate to this site).

If you think your account has been compromised, immediately change your password at https://www.facebook.com/editaccount.php. Always, always, always make sure that when you log in the domain begins with www.facebook.com; the same goes for email and banking sites, to name a couple.

Re-directs you to yoddle.net

It is really easy for us to forget safe social networking, especially since links can come from people we know, as happened in my case. This is why the scams are, unfortunately, so prevalent. Facebook has set up a Phishing Scam Awareness page with the following tips.

Facebook Phishing Scam Awareness


A phishing scam is when someone fraudulently and illegally imitates a trustworthy source to steal usernames, passwords, credit cards info, etc.

It can not only occur through e-mail, but also through wall posts, Facebook messages, and Facebook chat.


If you think you have had your account compromised, immediately change your Facebook password at https://www.facebook.com/editaccount.php

Also, report the scam to Facebook by sending an e-mail to privacy@facebook.com


Before entering any sensitive information like usernames or passwords, make sure you are on facebook.com and not a similar, but different domain.

Read the Facebook blog for suggestions and what they’re doing to help: http://blog.new.facebook.com/blog.php?post=25844207130


It is easy to make a domain name (thus a URL, or web address) look legitimate when it is fraudulent. The only part of a domain name that is unique to the owner is the part immediately before the .com or .org, etc. So anything that ends with facebook.com (like ilstu.facebook.com, or photos-d.ak.facebook.com) with no single forward slash (/) to the left of it, is legitimately Facebook. A website can include the term “facebook” before the domain in something called a subdomain. For instance, an address like this looks moderately legitimate: facebook.com.profile.php.id.335781.com. But a closer look reveals that the domain is actually 335781.com. The rest of the terms are subdomains. So always check the domain before you share personal info. For more on the anatomy of URLs (web addresses) take a look at the images in this group’s photo gallery below.


1) Why would someone want to steal Facebook e-mails and passwords? If a phisher steals your profile, they have access to the trust of all of your friends, which can lead to manipulation (called “social engineering” – see the “London scam” below). Phishers may also attempt to use your password on other online accounts associated with your e-mail address.

2) Why is it so urgent that word gets out about this? Imagine this scenario: The scam starts with one person who has 300 friends, so it gets sent to 300 people. Even if only 1% of people fall for it, 3 more account logins have been collected and compromised. The next day, wall posts are sent out from 3 accounts to a total of 900 people. 9 more people fall for it, and the total of compromised accounts is 13. If this trend continues daily, by the end of the week, over 300,000 people have come into contact with the scam, and the phishers have unauthorized access to over 3,000 Facebook accounts. By 14 days, over 2 million Facebook profiles have been compromised. This can spread like wildfire if people are unaware of the scam.

[ Source: http://www.facebook.com/group.php?gid=9874388706 ]
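The URL-anatomy rule in the quoted tips above (only the part immediately before the .com/.org suffix identifies the owner; anything further left is a subdomain the owner may name freely) can be turned into a simple check. This is an added example, not code from the post or from Facebook; the function names are mine, and the sample URLs are the ones the post discusses.

```python
from urllib.parse import urlsplit

# The only domain that should ever receive Facebook credentials.
TRUSTED_DOMAIN = "facebook.com"


def registrable_domain(url: str) -> str:
    """Return the owner-controlled part of a URL's host: the label just before
    the top-level suffix plus the suffix itself (e.g. '335781.com').

    Everything to the left of that is a subdomain, so 'facebook.com' appearing
    there proves nothing. This follows the tips' rule of thumb for .com/.org
    style suffixes; multi-label suffixes such as .co.uk would need the Public
    Suffix List instead of "last two labels".
    """
    if not url.lower().startswith(("http://", "https://")):
        url = "http://" + url          # bare hosts such as 'ilstu.facebook.com'
    host = urlsplit(url).hostname      # strips scheme, userinfo, port, path, query
    if not host:
        raise ValueError(f"no host found in {url!r}")
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_trusted_login_page(url: str, trusted: str = TRUSTED_DOMAIN) -> bool:
    """True only when the registrable domain is exactly the trusted one."""
    return registrable_domain(url) == trusted


if __name__ == "__main__":
    samples = [
        "ilstu.facebook.com",                          # tips: legitimate Facebook
        "photos-d.ak.facebook.com",                    # tips: legitimate Facebook
        "facebook.com.profile.php.id.335781.com",      # tips: really 335781.com
        "http://apps.facebook.com/yourvideohah?qctt",  # the wall link: real Facebook...
        "http://www.yoddle.net/media/index3.php",      # ...which redirected here
    ]
    for u in samples:
        print(f"{u:46} -> {registrable_domain(u):14} trusted={is_trusted_login_page(u)}")
```

Note that the wall link itself passes the check because apps.facebook.com really is Facebook; the credential theft happened only after the redirect to yoddle.net, so the check has to be applied to the page that is asking you to log in, not to the link you clicked.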

Constant vigilance!