Although there have been a couple of “traditional” Facebook phishing attacks making the rounds in the news this week, we’re also hearing of more slightly sophisticated scams targeted at owners of large Facebook groups.
Here’s how it works: As you may expect, owners of large Facebook groups get inbound marketing or partnership proposals all the time. However, now some phishers are making offers to owners that include links to password phishing sites. Once the login credentials are obtained, the phishers don’t send out masses of messages like traditional worms. Rather, they quietly transfer ownership control of the group to another account and don’t touch anything else.
Although admins of large Facebook groups are only able to messages to a small percentage of members, spammers are attracted to Facebook groups because they get a decent amount of traffic and continue to grow virally. However, once group admins start abusing their powers, it is quite easy for Facebook to shut them down. Facebook has put sophisticated spam detection mechanisms in place to nip this kind of behavior in the bud, which has significantly decreased the number of Facebook groups being sold and rented, for the benefit of the health of the whole ecosystem.
Nevertheless, it just goes to show that there is an active market in various types of real estate inside Facebook, attracting both above-board and below-board parties. Group administrators should use the same discretion when clicking on links in Facebook messages from strangers as they would from any unsolicited email.