Facebook Users Hit with Scam

The social networking site, Facebook, is often thought of as being safer than Myspace. That is changing after a phishing scam hit Facebook users by in January 2008.

Many Facebook users who check their email in the early days of the new year found a posting on their wall from one of their friends that said, "lol I can't believe these pics got posted.... it's going to be BADDDD when her boyfriend sees these." The post then appeared to have a valid Facebook link. However, the link lead to a fake Facebook login page hosted on a Chinese .cn domain. The fake page actually logs the victims into Facebook, but also keeps a copy of their user names and passwords.

Armed with this information, the hackers then posted messages containing the same URL on the public "walls" of the users' friends. The technique is a powerful phishing scam, because the link seems to be coming from a trusted friend.

This is just one example of how hackers are using phishing to gain access to people’s financial account information. This is due to the fact than many people use the same user names and passwords to do online banking or access their credit card accounts. For those of us who can pat ourselves on the back for using completely different user names and password accounts for our finances, we may be using the same login information for our Facebook or Myspace accounts as we do on Ebay, Amazon or other retail sites that have our credit card information stored.

Users who fall prey to phishing scams should log in and change their passwords immediately, and do the same to their e-mail and shopping accounts if they used the same password for those services.

To avoid a great amount of damage by these scams, have a different login and password for each site. This might sound like a great inconvenience, but there are solutions. There are programs that you can have on your computer that stores the login information for you and all you have to do is remember your master password. One that you do not use anywhere else. Or, you can do something along the lines of what I do with my desktop computer at home - I have the list of sites and login information on the side of my monitor.

Information for article taken from various internet sources (including my own Facebook page).
See http://www.wired.com/politics/security/news/2008/01/facebook_phish for a full article.