Back to Newsroom

16 October 2008

Phishing campaign targeting social networking aficionados lures the victims with an arousing message to the "almost perfect" phony site

BitDefender� researchers have detected an IM-based spam wave automatically sent to accounts which promises a "hot date" if the Facebook's users access the typosquatted link, as depicted below.



FaceBook Phishing



The fake Web site, which reproduces the genuine Facebook site extremely well, collects the log-in credentials using a php script.

Users should pay extremely close attention to details, such as Web sites names and avoid following links received in e-mail or IM spam. Failing to do so might result in stolen log in credentials. Phishers could exploit them to harvest e-mail addresses, retrieve other contact details stored in accounts or post spam messages or malware disguised behind banner advertising.

"Users should be cautious of any link sent to them via IM or email,"
said Vlad Valceanu, head of BitDefender's anti-spam research. "Along with paying close attention to Web site names and likes, it is important for computer users to have an IT security solution installed onto their systems in order to avoid future attacks."

 

Contacts