Facebook Accounts Hijacked to Send Spam in Phishing Scheme

“Are you aware that your profile pix are all over bakespoil-com-you gotta see it?” Messages like this one telling people that their pictures have been posted to unknown sites are spreading across Facebook. In most cases, users will see these messages as “posts” from trusted friends on their Facebook profile pages. Accustomed to trusting their friends and worried about having their photos posted on strange websites, people copy and paste the website link into their browsers, which is when the trouble begins.

This is the latest address-book scam to hit Facebook and it works like a classic phishing scheme. Users receive a message from a trusted friend:

“Did you upload your images at floatclick-com-have you seen it.”

Trusting their friend, the user copies the link into their browser (the links in the Facebook “wall post” are not clickable themselves).

Once the user enters the link, they are brought to a site that brings up pop-up ads and asks for information, including the user’s email and their friend’s email, under the guise of needing this information to show the user their pictures.

This is where the phishing begins. Through any of a number of techniques, the user is “tricked” into providing the site with enough information so that it may access the user’s Facebook account and friend list.

Once this happens, the user’s account is used to send these same messages to all of their friends and the cycle begins again.

Here is a screenshot from a friend’s Facebook account which was hit by this scheme. Over the course of 24 hours, his account sent hundreds of messages to his friends about phony photos. The screenshot below shows a five-minute period:

The domains mentioned in the messages are registered to “Victoria David,” which may be a fake name, and appear to have been registered within the last week.

Most phishing schemes are technically simple and rely on trickery to get information such as user names, email addresses and passwords. They are surprisingly effective, sometimes more so than more advanced hacks and viruses. For example, although most of the contacts on my friend’s Facebook list are very technically savvy people with the latest anti-virus software, several willingly went to the phishing sites and gave up their personal information despite the fact that (1) the posts were grammatically incorrect and our friend is a writer, and (2) they had never posted their messages to any of the listed websites. They visited the sites simply because it didn’t enter their minds that a friend would send them to a scam site (and of course he didn’t, but the phishing scheme that hijacked his Facebook account did).

The same common-sense approach that one uses in email (never click on or visit an unknown link, even from a friend) applies here. Most people on my friend’s list did the right thing, which was to either ask him if the message was really from him or, knowing that it couldn’t be, simply delete it so that no one else seeing their Facebook wall would read it and get taken in.

Update Dec 29 – Here are some of the names of sites being used in this scheme: hiderush.com, bakespoil.com, floatclick.com, wagfloat.com, climbfloat.com, swimstroll.com, boastsing.com, spoilsail.com, mixclang.com, blinksnap.com, poachbang.com, cutboast.com, stuffrattle.com, wrestlegrowl.com, screechclimb.com, laughrattle.com, blendgrowl.com, stuffcrush.com

Oftentimes these links are shown as non-clickable text (e.g. hiderush – com, floatclick – com, bakespoil – com, wagfloat-com, etc.)

Some examples of posts are:

“I heard your profile pictures are on boastsing-com-take a look”
“since when have your pics been up on spoilsail-com-check it out.”
“your pics are on mixclang-com-check it out.”
“Has anyone told you there’s a website showing your pictures its laughrattle-com-check it out”
“did your see that cool site with your pictures on it wrestlegrowl-com-you gotta see it.”
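The observations above (domain names written as “name-com” or “name – com” so they are not clickable, the “your pictures are on…” lure, and one hijacked account posting the same thing to many friends within minutes) can be turned into a small wall-post filter. The script below is an added example and not code from the original post or from Facebook; the domain list is the one from the Dec 29 update, while the normalization regex, the lure-word list, the burst thresholds and the sample events are my own assumptions, constructed for illustration.

```python
from __future__ import annotations

import re
from collections import defaultdict

# Domains named in the Dec 29 update of the post (taken from the page itself).
KNOWN_SCAM_DOMAINS = {
    "hiderush.com", "bakespoil.com", "floatclick.com", "wagfloat.com",
    "climbfloat.com", "swimstroll.com", "boastsing.com", "spoilsail.com",
    "mixclang.com", "blinksnap.com", "poachbang.com", "cutboast.com",
    "stuffrattle.com", "wrestlegrowl.com", "screechclimb.com",
    "laughrattle.com", "blendgrowl.com", "stuffcrush.com",
}

# Assumed normalization rule: a label followed by a dot, hyphen, en dash or
# em dash (with optional spaces) and a TLD, so "bakespoil-com", "hiderush – com"
# and "floatclick.com" all normalize to the same "label.tld" form.
_DOMAIN_REF = re.compile(
    r"\b([a-z][a-z0-9]{2,})\s*[-.\u2013\u2014]\s*(com|net|org|info)\b",
    re.IGNORECASE,
)

# Assumed lure vocabulary, taken from the wording of the quoted posts.
_LURE = re.compile(r"\b(pics?|pix|pictures?|photos?|images?)\b", re.IGNORECASE)


def extract_domains(text: str) -> list[str]:
    """Return the de-obfuscated 'label.tld' domains referenced in text (deduped, in order)."""
    found: list[str] = []
    for m in _DOMAIN_REF.finditer(text):
        dom = f"{m.group(1).lower()}.{m.group(2).lower()}"
        if dom not in found:
            found.append(dom)
    return found


def classify_post(text: str, blocklist: set[str] = KNOWN_SCAM_DOMAINS) -> dict:
    """Classify a single wall post.

    'block'  - references a domain already known to belong to the campaign
    'review' - references an unknown domain together with the "your pictures" lure
               (the campaign registered many throwaway domains, so this catches new ones)
    'allow'  - neither
    """
    domains = extract_domains(text)
    matched = [d for d in domains if d in blocklist]
    lure = _LURE.search(text) is not None
    if matched:
        verdict = "block"
    elif domains and lure:
        verdict = "review"
    else:
        verdict = "allow"
    return {"domains": domains, "matched": matched, "lure": lure, "verdict": verdict}


def flag_hijacked_senders(events, window: int = 300, threshold: int = 3) -> list[str]:
    """Return senders with >= threshold non-'allow' posts inside any window of `window` seconds.

    events: iterable of (sender, unix_timestamp, text). The defaults model the
    five-minute burst the post describes; both values are assumptions.
    """
    suspicious: dict[str, list[int]] = defaultdict(list)
    for sender, ts, text in events:
        if classify_post(text)["verdict"] != "allow":
            suspicious[sender].append(ts)
    flagged = set()
    for sender, times in suspicious.items():
        times.sort()
        start = 0
        for end in range(len(times)):  # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(sender)
                break
    return sorted(flagged)


# Constructed sample feed: the texts are the posts quoted on the page plus one benign post.
SAMPLE_EVENTS = [
    ("alice", 1000, "I heard your profile pictures are on boastsing-com-take a look"),
    ("alice", 1060, "your pics are on mixclang-com-check it out."),
    ("alice", 1120, "did your see that cool site with your pictures on it wrestlegrowl-com-you gotta see it."),
    ("bob", 1000, "Lunch at noon? Bring the photos from the trip."),
    ("bob", 5000, "Has anyone told you there's a website showing your pictures its laughrattle-com-check it out"),
]

if __name__ == "__main__":
    for sender, ts, text in SAMPLE_EVENTS:
        print(f"{sender:6} {classify_post(text)['verdict']:7} {text[:50]}")
    print("likely hijacked:", flag_hijacked_senders(SAMPLE_EVENTS))
```

The "review" verdict is the useful part for a campaign like this one: the operators registered a fresh batch of throwaway domains, so a pure blocklist lags behind, while the lure wording stayed nearly identical from one domain to the next. The burst check is what a friend noticed by eye in the screenshot (hundreds of near-identical posts in a day from one account) and is independent of which domain is named.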



This entry was posted on Thursday, December 25th, 2008 at 11:50 am and is filed under Crime / Scams, News.

24 Responses to “Facebook Accounts Hijacked to Send Spam in Phishing Scheme”

Candise Ramsey December 27th, 2008 at 7:12 am

I received an email that I am on Floatclick, what do I do?

Nerene December 27th, 2008 at 8:32 am

How do I check whether my profile has been hijacked? Please advise.

Thanks
Nerene

Jen Hunt December 27th, 2008 at 5:21 pm

How do I stop them from hacking my pics and how much trouble will this cause???

oddbits December 29th, 2008 at 10:33 am

Nerene – If your profile has been hijacked, chances are a friend will mention it and/or ask if you have posted a message. You can also check your notifications (look in the lower right corner of the screen on FB for an icon that looks a little like a sign and click) to see if it says you’ve posted on friends’ walls when you haven’t intentionally done so.

Jen – Do not click on links, even from friends. Always open links from trusted sites (e.g. amazon.com) in a new browser, and never click on sites you do not know, such as unknown “photo sites”.

Candise – Ignore the email. You are not really on Floatclick. If you visit the site it will record your username and password information and possibly gain access to your email address book.

rebecca December 30th, 2008 at 6:23 am

I also got this notification from a friend… I was pretty upset thinking about my kids’ pics being on some site without my permission, and went to the site (stupid!!!). Anyway, I put in the info and luckily used a “password” that I do use on some sites but not Facebook or anything with info. I immediately realized my mistake and went and changed all the places that I do use that pw. Anyway, my question really is: is there anything this program does besides try to hack into people’s Facebook accounts? Do I need to worry about keystrokes being recorded or anything? I’m a little jumpy because a good friend just got her bank account hacked into and emptied (not from a Facebook virus, but some unknown thing that is being investigated).

Anyway, any help would be appreciated. Thanks for the info you put here!

Abdulafeez Wando December 30th, 2008 at 6:34 am

yeah

Emily Foster December 30th, 2008 at 9:09 am

I got a message saying my photos were on boastsing.com. I visited the site just to see what it was (I just typed the address into my browser), and it said it got my profile picture through my IP address. If my Facebook is hijacked, what should I do?? If I change my login info on Facebook, will that prevent them from being able to mess with it?

Tessa December 30th, 2008 at 10:30 am

I got hit :/ and can’t log on to my account any more.

Is this dangerous?

miriam December 31st, 2008 at 3:34 pm

What the heck?!?! Can this really be happening?? I get a message from this guy that told about my pics being uploaded on this blinksnap-com. Is there any way that I can get my pics taken off???

Theresa January 3rd, 2009 at 7:40 am

I got hit too, but I took steps to ensure it does not happen again.

Miriam, ignore that message. Someone is trying to hijack your account.

Kristin January 3rd, 2009 at 9:47 am

Thanks so much for sharing this information! If you go to the site, but don’t actually give any of your information, does that mean that your facebook account has still been compromised? If so, what’s the next step? Get rid of your account altogether and start a new one, or simply create a new password?? Thanks in advance for your assistance!

Johnny January 3rd, 2009 at 9:56 am

I would have to say that your pic really isn’t on the site; it’s just a scam to get you to freak out and enter the information that they are asking you for so they can hijack your account.

Regina January 3rd, 2009 at 2:50 pm

how do you get rid of this?

Twitter Hit With Phishing Attack | Helzerman's Odd Bits January 4th, 2009 at 9:11 pm

[...] to all of the users on the victim’s friend list. In this way, the scheme is very similar to the Facebook wall post phishing scam that went around over Christmas. In that version, users were told their photos had been posted to [...]

christe January 7th, 2009 at 11:50 am

I got a message saying my photos were on mixclang.com and floatclick.com. What should I do?

saadu yunusa January 16th, 2009 at 1:48 pm

I think it’s just a site for less busy guys. Should you guys be serious?

Brandon January 26th, 2009 at 8:55 am

Thanks for the heads-up. I’m wondering if it uses some sort of intuitive method to determine what to write on user walls. I say that because I was just talking about camping / sport climbing this weekend, then I got a post about screechclimb.com from a friend.

Mark Korabelnikov January 27th, 2009 at 5:48 pm

Thank You for posting this..

It explained why I kept getting those posts on my wall…

Mark Korabelnikov January 27th, 2009 at 5:48 pm

I kept getting my pics are on mixclang…

Carol January 29th, 2009 at 1:27 pm

I received one of these messages & am stressing out over it. I did not copy & paste, thank God!
I have warned all my friends.

ansh January 31st, 2009 at 11:55 am

I got hit from this… now what do I have to do???? Please help me…

pam February 18th, 2009 at 10:35 pm

Help, a friend said she saw my pics. How do you stop this?? If you can, please help.
