Facebook Phishing, the New Scam

I’ve written numerous times about the proliferation of spam on Facebook, and it’s becoming increasingly prevalent. This morning the Sydney Morning Herald reported on one individual whose friend had their account hacked; the account was being used by spammers to try to get money by claiming he had been stranded in Nigeria. If you’ve been using the internet for the past couple of years, then you know that Nigeria is a keyword which means “spam” nine times out of ten.

Sydneysider Karina Wells was also able to determine that the individual she was talking to was not her friend but a scammer, but many people are not so fortunate. I have friends who have accidentally clicked on links in Facebook that install malware, and others have had their accounts “hacked”. The most popular model used by scammers appears to be a simple phishing technique.

Users are lured to an external site which looks like a Facebook login page and asked to enter their login information. Many users have actually entered it and then, in a short time, have had their accounts leveraged by hackers to spam their friends or, in the case of the Nigerian scammers, to try to lure friends into sending money. Facebook is completely aware of the problem at hand.

Jesse Stay reported earlier this weekend that Facebook had added a Captcha to users’ walls. A Captcha displays an image and requires the user to type the characters shown in that image into a box. It keeps out automated spammers. I have yet to see this on Facebook except for those users that haven’t verified their telephone number. Forcing users to go through a Captcha process every time would become quite a hassle.

Whatever solution the company comes up with, it will need to do so soon, as the spam could easily begin to drive away users if it becomes more widespread. The simple way to avoid being “hacked” is by not entering your email and password on other sites. Sometimes people are clumsy, though, so Facebook will need to have the final say in the battle against spammers.
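
The "looks like a Facebook login page" trick works because people read the page, not the address. As an added example (not code from this post or from Facebook), here is a small Python check that decides from the host name alone whether a login link really belongs to facebook.com; the sample links are constructed and the `https` requirement is an assumption of the example.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "facebook.com"  # assumption: only this domain may show the login form
BRAND = "facebook"


def check_login_url(url):
    """Return (is_trusted, reason) for a link that leads to a 'Facebook' login page."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")   # hostname is already lower-cased
        userinfo = (parts.username or "").lower()   # text before '@' is not the host
    except ValueError:
        return False, "unparseable URL"
    if not host:
        return False, "no host in URL"
    if BRAND in userinfo:
        return False, "brand sits before '@'; real host is " + host
    if host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN):
        if parts.scheme != "https":
            return False, "right domain but not https"
        return True, "host is under " + TRUSTED_DOMAIN
    if BRAND in host:
        # e.g. the brand used as a subdomain label of somebody else's domain
        return False, "brand used inside another domain: " + host
    return False, "unrelated host: " + host


# Constructed sample links; example.net and example.org are reserved test domains.
SAMPLES = [
    "https://www.facebook.com/login.php",
    "http://www.facebook.com/login.php",
    "https://facebook.com.login.example.net/login.php",
    "https://www.facebook.com@login.example.net/",
    "https://example.org/facebook/login.php",
]


def flag_untrusted(urls):
    """Return (url, reason) for every link that should not receive a password."""
    return [(u, why) for u in urls for ok, why in [check_login_url(u)] if not ok]


if __name__ == "__main__":
    for url, why in flag_untrusted(SAMPLES):
        print(f"DO NOT LOG IN: {url}  ({why})")
```
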