Infrastructure // PC & Servers
Commentary
2/17/2009
04:44 PM
David Berlind
David Berlind
Commentary
Connect Directly
Facebook
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

InformationWeek Editor Duped In Facebook Phishing Scam

The damage could have been worse. I had my guard down. Although today started like any other day, I hadn't even taken one sip of my tea when I noticed a slight hiccup to the way things normally work when logging into Facebook (see image below). And now, someone out there (I'm not sure who) has the password I used to use for Facebook as well as for a handful of other sites. It's one of my not-to-be-used-for-transactional (financial)-sites passwords. So, nothing serious is at risk and I think I m

The damage could have been worse. I had my guard down. Although today started like any other day, I hadn't even taken one sip of my tea when I noticed a slight hiccup to the way things normally work when logging into Facebook (see image below). And now, someone out there (I'm not sure who) has the password I used to use for Facebook as well as for a handful of other sites. It's one of my not-to-be-used-for-transactional (financial)-sites passwords. So, nothing serious is at risk and I think I moved fast enough to go so far as to say nothing is at risk. But I should have known better and you can learn from my mistake.If you're currently a Facebook user, then the e-mail message below should look familiar. As can be seen from the image, the message that Jessica Lamoureux had written on my wall looks exactly like the hundreds of other messages that Facebook fills my in-box with.

I missed the fact that it was sent to my TechWeb address, which is not the e-mail address of record for my Facebook account. I also didn't bother to do what I usually do with links in e-mail messages (before clicking on them); I didn't mouse-over the message to double-check that the URI being displayed in the message wasn't an imposter that was masking a non-Facebook URL. As can be seen from below, it was. I also missed that once I clicked through, the URL in Firefox was pointing to http://facesbookcom.awardspace.com. I was asleep at the keyboard.

But the site's behavior certainly got my attention. I went through what appeared to be a normal login process, but then was asked for my password again. This second password request came from a legitimate Facebook page to which the imposter had redirected me. It's brilliant because if you're not paying close attention, you end up logged in to your actual Facebook account and may never realize that something was amiss. But I also was expecting to be taken directly to Miss Lamoureux' message (as is the normal behavior when clicking through e-mail) and that didn't happen. But by the time my spider senses were tingling, the "phishers" had both my login ID as well as my password. It happens to the best of us.

As I said earlier, the damage could have been worse. For example, by the time I realized my mistake, two key pieces of information on my Facebook account remained unchanged: my password and the contact e-mail. I changed both immediately. The phisher might have had some automated systems in place to change both (preventing me from logging in and also preventing Facebook's password recovery scheme from e-mailing me a new password). Had the phisher been faster than me -- for example, if the phisher's systems were automated (and no doubt, some phisher's systems are or will be) -- I would have been locked out of my Facebook account and who knows what else.

I think I've headed a small disaster off at the pass. But who knows? Furthermore, the skin on my neck took on a slight rosy pigment as I poked around awardspace.com (apparently, a Web hosting company) to find out why such a phishing scam is so easily run off its domain. I also reached out to Google since, with the imposter URL, this is one e-mail that the Gmail antispam engine should have nuked with one eye closed.

Here's the image (and watch what you're clicking on!):

The Face Of A Facebook Phishing Scam

Comment  | 
Print  | 
More Insights
Server Market Splitsville
Server Market Splitsville
Just because the server market's in the doldrums doesn't mean innovation has ceased. Far from it -- server technology is enjoying the biggest renaissance since the dawn of x86 systems. But the primary driver is now service providers, not enterprises.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - August 27, 2014
Who wins in cloud price wars? Short answer: not IT. Enterprises don't want bare-bones IaaS. Providers must focus on support, not undercutting rivals.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Howard Marks talks about steps to take in choosing the right cloud storage solutions for your IT problems
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.