Wednesday, May 27, 2009

Wave of phishing attacks on Facebook and Twitter



Phishers are having a field day with Facebook and Twitter.

A new phishing scam has hit Facebook users. Like others in recent weeks, it sends them to a malicious Web site that steals their log-in information and also secretly downloads malware onto their computers when they visit, in what is known as a "drive-by download."

Meanwhile, Twitter users were getting messages from new followers who were posting links to a fake Twitter site with "tvvitter" in the tiny URL, Graham Cluley of Sophos wrote in his blog. His blog has a video of the phishing attack in action. Twitter representatives did not immediately respond to e-mails seeking comment.

In the Facebook attack, messages circulated with a subject line of "Hello" and a prompt to check out "areps.at" or other URLs ending in ".at".

Preventive measures for Facebook:

--Use an up-to-date browser that features an anti-phishing black list.

--Use unique logins and passwords for each of the Web sites you use.

--Check to see that you're logging in from a legitimate Facebook page with the facebook.com domain.

--Be cautious of any message, post, or link you find on Facebook that looks suspicious or requires an additional login.

--It is important that impacted users reset all accounts (not just Facebook) that use the same credentials. We believe the bad guys here are phishing an account and then trying those credentials on webmail providers. So, for example, if a user is compromised on Facebook and has the same login and password for their Gmail, the attacker may be able to intercept the Facebook password reset and compromise the account again in the future. This is one of the reasons why people need unique passwords for their online accounts.

--Become a fan of the Facebook Security Page (www.facebook.com/security) for more updates on new threats as well as helpful information on how to protect yourself online.

(via CNet)
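The domain check recommended above, written out as an added example (it is not from the original article or from Facebook). It tests whether a link's hostname really belongs to facebook.com or twitter.com and flags look-alikes such as the "tvvitter" name mentioned in the post. The function names, the look-alike map and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Domains to protect: a link is trusted only if its hostname is one of
# these or a subdomain of one of these.
TRUSTED = ("facebook.com", "twitter.com")

# Constructed, deliberately small map of character runs that look like
# another letter at a glance ("vv" reads as "w", "rn" as "m").
LOOKALIKES = (("vv", "w"), ("rn", "m"), ("0", "o"), ("1", "l"))


def hostname_of(url):
    """Return the lowercase hostname of a link, or '' if it has none."""
    if "://" not in url:
        url = "http://" + url  # bare links such as "areps.at"
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def normalize(label):
    """Replace look-alike runs so 'tvvitter' compares equal to 'twitter'."""
    for fake, real in LOOKALIKES:
        label = label.replace(fake, real)
    return label


def classify(url):
    """Return 'trusted', 'lookalike' or 'unrelated' for a link."""
    host = hostname_of(url)
    if not host:
        return "unrelated"
    # Exact match or a true subdomain. The leading dot matters:
    # "notfacebook.com" ends with "facebook.com" but is a different domain.
    for domain in TRUSTED:
        if host == domain or host.endswith("." + domain):
            return "trusted"
    labels = host.split(".")
    for domain in TRUSTED:
        brand = domain.split(".")[0]
        # The brand name appears as a label of some other domain
        # (facebook.com.login.example), or a label turns into the brand
        # once look-alike runs are normalized (tvvitter).
        if any(lbl == brand or normalize(lbl) == brand for lbl in labels):
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    for link in ("https://www.facebook.com/security",   # from the post
                 "http://tvvitter.example/login",        # constructed
                 "http://facebook.com.login.example/",   # constructed
                 "areps.at"):                            # from the post
        print(f"{classify(link):10} {link}")
```

A result of "unrelated" only means the hostname does not imitate either brand; it says nothing about whether the site is safe, as the "areps.at" case shows.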

