Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - Facebook Phishing attack -- Don't go to InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Facebook Phishing attack -- Don't go to

Published: 2009-04-29
Last Updated: 2009-04-29 20:52:58 UTC
by Joel Esler (Version: 1)
1 comment(s)

Matthew writes in to tell us about an article posted over on TechCrunch about a Phishing Attack that is "underway at Facebook."

This Phishing attack is an email that has the subject "Hello"  (First off, if you receive an email that has a subject of "Hello", and that's all...  immediately suspect for nonsense.  I used to get a ton of these at one point, because I belonged to a website where people would post via a webpage, and this webpage had no spam protections, so the most common Subject was "Hello".  It got so bad, I used to send all Emails with simply the subject "Hello" to /dev/null.  (Yes, it was *that bad*.) Anyway, I digress.)

The phishing attack with read something like ""YOURFRIEND" sent you a message" with a link to go click on and read what your "friend" wrote.

The link instead sends you off to (Don't go there.)  Where the page looks like the Facebook login page and they are hoping you will type in your credentials.  Farily simple phish, so keep your eyes open.

Original article here.  Thanks Matthew!

-- Joel Esler | |

1 comment(s)
Diary Archives