
Facebook Accounts Hijacked to Send Spam in Phishing Scheme
“Are you aware that your profile pix are all over bakespoil-com-you gotta see it?” Messages like this one, telling people that their pictures have been posted to unfamiliar sites, are spreading across Facebook. In most cases users see them as wall posts from trusted friends on their own profile pages. Accustomed to trusting their friends, and worried about their photos appearing on strange websites, people copy the address into their browsers, which is when the trouble begins.
This is the latest address-book scam to hit Facebook and it works like a classic phishing scheme. Users receive a message from a trusted friend:
“Did you upload your images at floatclick-com-have you seen it.”
Trusting their friend, the user copies the address into their browser (the addresses in the Facebook wall post are written without a dot and are not clickable, so they have to be typed or pasted by hand).
Once the user enters the address, they are taken to a site that throws up pop-up ads and asks for information, including the user’s email address and a friend’s email address, under the guise of needing it to show the user their pictures.
This is where the phishing begins. Through one of a number of techniques, the user is tricked into giving the site enough information for it to access the user’s Facebook account and friend list.
Once this happens, the hijacked account is used to post the same messages to all of the user’s friends, and the cycle begins again.
Here is a screen shot from a friend’s Facebook account that was hit by this scheme. Over the course of 24 hours his account sent hundreds of messages to his friends about phony photos. The screen shot below shows a five-minute period:
The domains mentioned in the messages are registered to “Victoria David,” which may be a fake name, and appear to have been registered within the last week.
Most phishing schemes are technically simple and rely on trickery to obtain user names, email addresses and passwords. They are surprisingly effective, sometimes more so than sophisticated hacks and viruses. For example, although most of the contacts on my friend’s Facebook list are technically savvy people running current anti-virus software (which offers no protection against voluntarily handing over credentials), several willingly went to the phishing sites and gave up their personal information, despite the fact that (1) the posts were grammatically incorrect and our friend is a writer, and (2) they had never posted their photos to any of the listed websites. They visited the sites simply because it did not occur to them that a friend would send them to a scam site, and of course he didn’t; the phishing scheme that had hijacked his Facebook account did.
The same common-sense rule one follows for email applies here: never click on or visit an unknown link, even one that appears to come from a friend. Most people on my friend’s list did the right thing, which was either to ask him whether the message was really from him or, knowing that it couldn’t be, simply to delete it so that no one else seeing their Facebook wall would read it and get taken in.
Update Dec 29 – Here are some of the names of sites being used in this scheme: hiderush.com, bakespoil.com, floatclick.com, wagfloat.com, climbfloat.com, swimstroll.com, boastsing.com, spoilsail.com, mixclang.com, blinksnap.com, poachbang.com, cutboast.com, stuffrattle.com, wrestlegrowl.com, screechclimb.com, laughrattle.com, blendgrowl.com, stuffcrush.com
Often these addresses are shown in non-clickable form, with the dot replaced by a hyphen or dash (e.g. hiderush – com, floatclick – com, bakespoil – com, wagfloat-com, etc.).
Some examples of posts are:
“I heard your profile pictures are on boastsing-com-take a look”
“since when have your pics been up on spoilsail-com-check it out.”
“your pics are on mixclang-com-check it out.”
“Has anyone told you there’s a website showing your pictures its laughrattle-com-check it out”
“did your see that cool site with your pictures on it wrestlegrowl-com-you gotta see it.”
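The posts above share one telltale: the domain is written with a hyphen or dash in place of the dot, so Facebook does not render it as a link and a naive URL filter never sees a URL. The following Python, an added example that is not from the original post, re-fangs those defanged names and matches them against the domain list from the Dec 29 update, then runs that check over the wall posts quoted in this article. The regex, the function names and the one benign sample line are assumptions for illustration; only single-label hosts like those in the posts are handled.

```python
from __future__ import annotations

import re

# Domains listed in the Dec 29 update above.
KNOWN_SCAM_DOMAINS = {
    "hiderush.com", "bakespoil.com", "floatclick.com", "wagfloat.com",
    "climbfloat.com", "swimstroll.com", "boastsing.com", "spoilsail.com",
    "mixclang.com", "blinksnap.com", "poachbang.com", "cutboast.com",
    "stuffrattle.com", "wrestlegrowl.com", "screechclimb.com",
    "laughrattle.com", "blendgrowl.com", "stuffcrush.com",
}

# Assumed pattern: one host label, then the character used in place of the
# dot (hyphen, en/em dash, or a real dot, optionally surrounded by spaces),
# then a top-level domain. The trailing \b stops "over-committed" from
# matching as "over.com". Subdomains are deliberately not handled.
_DEFANGED_HOST = re.compile(
    r"\b([a-z0-9]+)\s*[-.\u2013\u2014]\s*(com|net|org|info)\b",
    re.IGNORECASE,
)


def extract_domains(text: str) -> list[str]:
    """Return every candidate domain in text, re-fanged to name.tld."""
    return [f"{m.group(1).lower()}.{m.group(2).lower()}"
            for m in _DEFANGED_HOST.finditer(text)]


def flag_post(text: str) -> set[str]:
    """Return the known scam domains a wall post refers to (empty if none)."""
    return {d for d in extract_domains(text) if d in KNOWN_SCAM_DOMAINS}


def triage(posts: list[str]) -> list[tuple[str, list[str]]]:
    """Keep only the posts that reference a known scam domain."""
    hits = []
    for post in posts:
        domains = sorted(flag_post(post))
        if domains:
            hits.append((post, domains))
    return hits


# Sample input: the wall posts quoted in this article, one line using the
# spaced en dash form from the update, and one constructed benign line that
# contains a hyphenated "-com" but no scam domain.
SAMPLE_POSTS = [
    "Are you aware that your profile pix are all over bakespoil-com-you gotta see it?",
    "Did you upload your images at floatclick-com-have you seen it.",
    "I heard your profile pictures are on boastsing-com-take a look",
    "since when have your pics been up on spoilsail-com-check it out.",
    "your pics are on mixclang-com-check it out.",
    "Has anyone told you there\u2019s a website showing your pictures its laughrattle-com-check it out",
    "did your see that cool site with your pictures on it wrestlegrowl-com-you gotta see it.",
    "have a look at hiderush \u2013 com",
    "Our dot-com startup over-committed on the launch date.",  # constructed, benign
]

if __name__ == "__main__":
    for post, domains in triage(SAMPLE_POSTS):
        print(f"{', '.join(domains):16} <- {post}")
```

Matching on the re-fanged name rather than on the raw text is what makes the check robust to the spacing and dash variants the scammers use; adding a new domain is a one-line change to the set, and anything `extract_domains` returns that is not yet in the set is a candidate worth a look.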
This entry was posted on Thursday, December 25th, 2008 at 11:50 am and is filed under Crime / Scams, News.
Candise Ramsey December 27th, 2008 at 7:12 am
I received an email that I am on Floatclick, what do I do?