
SANS ISC: InfoSec Handlers Diary Blog



Lightweight Facebook social engineering scam

Published: 2008-12-29
Last Updated: 2008-12-29 23:19:11 UTC
by Toby Kohlenberg (Version: 1)

We've gotten reports (thanks to Steve, who first reported it) of Facebook users receiving messages indicating that their photos have been stolen and posted to a different site (blinksnap.com and cheepfry.com). When you go to the sites, they request name, email and a password and then show you a picture of a monkey as a joke. However, if you enter your Facebook account info, all your friends are sent the following message:

"Have been uploading your pics on blinksnap-com-go there

Has anyone informed you your photos are on cheepfry-com-go there" 

This doesn't have to be a huge threat. It's only an issue if you are silly enough to provide it with meaningful credentials, if you reply at all. Please, folks, remember to use unique credentials and don't give away your username/password.

UPDATE: Jeff pointed out that many/most of the sites that are connected to this scam seem to be using an IFRAME pointing at rotating-destination.com/taf/taf.html, and most of the sites are resolving to a single IP address: 208.78.242.184
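As an added example (not part of the original diary), this Python sketch checks saved page HTML for the IFRAME indicator Jeff reported and checks message text for the lure domains written with dashes instead of dots. The function names and the sample page are constructed for illustration; the indicators come from the text above.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Indicators taken from the diary text above.
IFRAME_HOST = "rotating-destination.com"
LURE_DOMAINS = {"blinksnap.com", "cheepfry.com"}

class IframeCollector(HTMLParser):
    """Collect the src of every <iframe>; the parser lowercases tag and attribute names."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def host_of(url):
    # urlsplit only extracts a hostname when a scheme or leading "//" is present.
    if "//" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".")

def matches(host, domain):
    # Exact host or a subdomain; "evil-domain.com.example.net" must not match.
    return host == domain or host.endswith("." + domain)

def suspicious_iframes(html):
    """Return iframe src values whose host is the reported IFRAME destination."""
    parser = IframeCollector()
    parser.feed(html)
    return [s for s in parser.sources if matches(host_of(s), IFRAME_HOST)]

def lure_domains_in_message(text):
    """Find lure domains written as 'name-com' (as in the spam) or 'name.com'."""
    normalized = re.sub(r"[-\s]+com\b", ".com", text.lower())
    return sorted(d for d in LURE_DOMAINS if d in normalized)

# Constructed sample page: mixed case, protocol-relative src, plus a benign local frame.
SAMPLE_PAGE = (
    '<html><body><IFRAME SRC="//WWW.Rotating-Destination.com/taf/taf.html">'
    '</IFRAME><iframe src="/local/help.html"></iframe></body></html>'
)
# Message text as quoted in the diary.
SAMPLE_MESSAGE = "Have been uploading your pics on blinksnap-com-go there"

if __name__ == "__main__":
    print(suspicious_iframes(SAMPLE_PAGE))
    print(lure_domains_in_message(SAMPLE_MESSAGE))
```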
