Hackers and spammers have been using relatively similar tactics over the past few months to compromise Facebook user accounts. The most recent scam spreading on Facebook uses hijacked user accounts to send out chat messages with links to the standard Facebook phishing page. When the user clicks the link, they are sent to a fake Facebook login page and then redirected to the actual Facebook site after their email and password have been stolen.
The system then automatically logs in with the user’s account and spams all their friends via chat. This form of phishing scam uses automated bots to perform these tasks on a large scale. Facebook is known for aggressively pursuing phishers, scammers, and hackers. However, once in a while, new security vulnerabilities appear on Facebook. This is the latest one of those.
My guess is that Facebook will have this new security issue resolved relatively quickly, as the offending site will be blocked and Facebook will set up a filter to remove the chat message. The chat message that we received stated: “ROFL this you?! http://3.ly/mZQ”. Had I not known that this is a standard scam, I could have easily been duped.
There’s no telling how many users have had their accounts compromised in this latest attack, but if you want to protect yourself, make sure not to click on any questionable links sent by your friends via chat.