Now that Facebook has 500 million users, it’s also a big juicy target for phishing and spam. Recently, a new wave of spam messages and chat messages has been flooding the site, and the volume has only surged in the past few days.
What do I mean by phishing? Most AllFacebook readers would be familiar with the term but for those who aren’t, I’m referring to fake emails that try to trick people into revealing their log-in details. Internet banking is a common target for this sort of social engineering hacking and I’ve also seen versions for Amazon and eBay.
Lately I’ve been receiving a lot of emails – which Gmail, to its credit, is mostly filing straight to the spam bin – purporting to be private messages from people on Facebook. The emails are very professionally constructed and probably entirely convincing for someone less cynical than me.
Sometimes spam and phishing attempts give themselves away with dodgy spelling or unprofessional layouts but in this case the emails look exactly like real private messages from Facebook. There are a few clues that all is not as it seems. Firstly I don’t recognize the name of the person purportedly sending the private message – not a clincher, since you can send PMs to people you are not yet friends with. Secondly, the email “to” field does not contain my email address. Thirdly, the message field is empty – which is probably deliberate to prompt people to go to the site to read it. Fourthly, if I actually bothered to check my Facebook account, the messages do not appear in the Facebook system, only in email.
All of this made me immediately suspicious so I investigated further. I found that if I hover my mouse over what purports to be the link to Facebook, the URL is displayed as http://www.feetspicy.com. However, I doubt that this is a step that the average Facebook user would take. The only other clue is in the sheer volume. While I might occasionally receive a private message from an unknown Facebook user, 16 of them in two days definitely gets my warning antennae twitching.
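The clues above (the “to” field, the empty message field and the link's real destination) can be checked automatically. The Python below is an added example, not code from the original article; the sample email, the addresses and the `<div class="message">` markup are constructed assumptions.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample, not a real capture: names, addresses and markup are made up.
SAMPLE = """\
From: Facebook <notification@facebookmail.example>
To: someone.else@example.com
Subject: Jane Doe sent you a message on Facebook
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Jane Doe sent you a message.</p>
<div class="message"></div>
<a href="http://www.feetspicy.com">Reply on Facebook</a>
</body></html>
"""

HREF_RE = re.compile(r'<a\s[^>]*href="([^"]+)"', re.I)
# Assumption: the notification puts the message text in <div class="message">.
EMPTY_MSG_RE = re.compile(r'<div class="message">\s*</div>', re.I)

def is_facebook_host(url):
    """True only for facebook.com itself or a real subdomain of it."""
    host = (urlparse(url).hostname or "").lower()
    return host == "facebook.com" or host.endswith(".facebook.com")

def check_notification(raw, my_address):
    """Return the clues from the article that this message trips."""
    msg = email.message_from_string(raw, policy=policy.default)
    clues = []
    # The "to" field does not contain the recipient's own address.
    if my_address.lower() not in str(msg.get("To", "")).lower():
        clues.append("to-field-mismatch")
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body is not None else ""
    # The message field is empty.
    if EMPTY_MSG_RE.search(html):
        clues.append("empty-message")
    # Hover check: where each link really goes, regardless of its visible text.
    for url in HREF_RE.findall(html):
        if not is_facebook_host(url):
            clues.append("link-off-site:" + (urlparse(url).hostname or url))
    return clues

if __name__ == "__main__":
    print(check_notification(SAMPLE, "me@example.com"))
```

The host comparison matches `facebook.com` or a dot-separated subdomain, so a lookalike such as `evilfacebook.com` is still reported as off-site.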
If you are Facebook friends with some less techie types – your aunt Ethel perhaps – then you might want to warn them. In this case, it appears to be straightforward spam rather than phishing. In the interests of research, I went to the feetspicy.com website and found it was advertising cheap pharmaceuticals for sale rather than prompting anyone to log into Facebook. But next time that might not be the case and it could result in people getting their accounts compromised.
No wonder Facebook has just joined the board of directors of the Messaging Anti-Abuse Working Group. As many users have also noticed, numerous chat messages are flooding the site, offering free iPhones. Fortunately Facebook is aggressively filtering many of these pages and alerting users that the pages may be abusive; however, that isn’t preventing the scammers from sending them.
We’re assuming that the volume of the messages on Facebook itself would die down as the site steps up its preventive measures, although this would not stop phishing spammers from targeting people via email. Given the various types of spammy messages floating around on and off the site, it seems likely that numerous accounts have been successfully phished and hacked. If you see messages like the ones pictured below or above, do not respond or click on them as some of them might result in the spam attack continuing to spread.