Phishers Target Facebook Again
Phishing attacks that try to get Facebook users to enter their log-in credentials at a fraudulent site in order to steal them have plagued users for the past two days, with phishing traced back to FBstarter.com, BAction.net and possibly others The viral phishing infection spreads via Facebook contact lists of victims.(Read more about security issues involving social networks)
Ryan McGeehan, threat analyst for Facebook, said phishing attacks are a fairly commonplace occurrence at the Facebook site, occurring every few weeks. While he wasn't ready to release specific numbers concerning how many of Facebook's 200 million users may have been victimized by the latest round of scams, he said Facebook has taken firm steps to repel the attacks.
"We've seen attacks like these before," said McGeehan, whose job is to identity and respond to security events. "We expect them. It's nothing out of the ordinary."
Facebook users, he said, remain the front line of defense, notifying Facebook that phishing fraud appears to be underway, typically by letting Facebook know about it through the site's security page.
Facebook then takes steps to "remove and clean" traces of the phishing by running a script. Users typically have to re-set their passwords, too. Facebook also relies on security firm MarkMonitor to tackle clean-up at various servers as well as go after the domain registrars for the identified phishing sites to get them shut down. Blacklists supplied to Microsoft and Google also help to block the phishing fraud sites at the browser level.
McGeehan said education of users about the threat remains one of the main ways to try and prevent phishing at Facebook. He notes that it appears the phishing attacks against Facebook and its users that surge from time to time do appear to be clearly oriented to provide the attackers with a way to make money via click-throughs for ads. When there are high volumes of phishing, it's easy to spot, but the tougher attacks are those that are more subtle, he said.