<![CDATA[Gawker: valleywag, phishing]]> http://gawker.com/tag/valleywag/phishing
<![CDATA[The Latest Facebook Scam]]> Oh no! There's a site which tricks you into handing over your personal information for its own nefarious, moneymaking schemes! It's called Facebook. Oh, also, people are all upset because FBstarter.com is stealing their passwords.

Facebook is the target of new phishing scams, which attempt to trick users into logging in to FBaction.net and FBstarter.com, thereby handing over their passwords. (If you got taken in, don't feel bad — so did notorious social media fameball Rex Sorgatz!) Here's a screenshot of the scam in action, via The Next Web:


But wait, isn't that exactly what Facebook is trying to do on sites like Digg and The Insider and Gawker? Its Facebook Connect program is designed to let people use their Facebook logins on other websites. And the only way Facebook will ever make money is by getting users to share every last moment of their life. If the Facebookers were really doing their jobs, their users wouldn't have any private information left for phishers to steal.

<![CDATA[Facebook security a laughing matter for cofounder]]> Officially, Facebook is treating the onslaught of viruses piggybacking on the social network's popularity as a very, very serious matter. We're talking Sheryl Sandberg serious. Facebook's press statement reads: "We are investigating every report, removing false content, blocking bogus links and addressing the concerns of our users. These efforts have limited the affected users to a small percentage of those on Facebook." The unofficial response from cofounder Dustin Moskovitz, posted on CEO Mark Zuckerberg's Facebook profile, is much more fun:

If you need the joke explained, Moskovitz is making fun of a common tactic used by hackers: Sending fake messages which appear to come from an authority, in an effort to get people to give up their passwords. But he's got a backhanded point. If Facebook insists on using its own software to make major announcements, a fake Mark Zuckerberg has a decent chance of fooling a lot of the people, a lot of the time.

<![CDATA[Virus mimics Facebook's hated Beacon ads]]> Facebook CEO Mark Zuckerberg should be relieved to learn that someone is at last "leveraging the social graph," as he might put it, for financial gain. Problem is, it's not Facebook. It's hackers pulling a phishing scam. A tipster tells us his friends at Facebook are busy fighting a virus that tricks a user into opening "a YouTube phishing site," delivered in the form of a Facebook message from one of the user's Facebook friends.

You get a Facebook message from a friend, urging you to check out this video. You go there, and it's a YouTube phishing site (with your friend's Facebook profile picture and name on it), which then urges you to update your Flash player. Don't do it — it fucks up your computer and then spams all your Facebook contacts (not sure exactly how it does that). But it's interesting that hackers are now using a supposedly "trusted" messaging platform such as Facebook to launch attacks.

If the hackers' method sounds familiar — a third party attempts to get a user to click based on what looks to be the endorsement of a friend — that's because Facebook tried the same idea with Beacon last year. And it's trying it again with Engagement Ads, a new format coming this fall.

<![CDATA[AOL phisher gets 7-year maximum jail sentence]]> He's only 24 years old, but Michael Dolan of West Haven, Conn. has been slapped with the maximum sentence after pleading guilty to fraud and aggravated identity theft. Dolan and five accomplices spammed AOL users for four years with messages such as, "Due to a central server meltdown, your credit card information was lost." The prosecution claimed the scams had taken in at least $400,000 from 250 users who fell for it. Dolan's defense lawyer had argued that Dolan suffered mental illness, made worse by his father's suicide.

<![CDATA[iPhone day 35: Phishing scam hooks many MobileMe users]]> A security company that crawls the Net turned up personal information for between 100 and 200 users of Apple's MobileMe email service, stored on a server used by phishing scammers. By contacting victims, investigators at CardCops learned that they'd fallen for this week's unusually convincing MobileMe scam. Which really raises the question: Why are most phishing emails so obviously phony? [InfoWorld]

<![CDATA[Microsoft acquires AOL, according to clever phishing scheme]]> MSNBC.com did not report this morning that in a long-anticipated move, Microsoft has acquired AOL. But after finding the above "MSNBC Breaking News" alert in my inbox this morning, I thought they did for a minute there. I even started drafting a post on the news ("Last we heard about the deal in mid-July, AOL negotiators were …"). Then my boss yelled at me. I looked at the email again and saw it came from — obviously a phishing scammer. A clever one, though, who knows Valleywag editors are hungrier for news than for Angelina Jolie's lips. A tipster tells us there's a similar "Breaking News alert" email going around, declaring "Yang relinquishes control over Yahoo!" — don't believe that one, either.

<![CDATA[iPhone day 33: The most eye-pleasing phishing spam ever]]> A Macworld reader sent in a screenshot of a charmingly credible HTML email that claims to be from Apple: "We were unable to process your most recent payment. Did you recently change your bank, phone number or credit card?" It's convincing not just because it's pretty, but because this sort of error from MobileMe at this point would seem like a minor hurdle — I'm still trying to figure out how my wife's name got onto my account in the conversion. That'll teach me to sneak her credit card.

<![CDATA[Internet scammers exploit executives' love of printed documents]]> The latest email phishing attacks reveal a new tactic: Rather than go after lowest-common-denominator suckers, savvy frauds are going after executives and other big-money targets — "whaling" in security-speak. A recent attack appeared to be a subpoena for a San Diego District Court case, with the attached file triggering spyware that would log keystrokes. An earlier, similar attack targeted a high-level defense contractor. The spyware itself wasn't particularly advanced, but the social engineering component is. The attacks exploit a generation gap — executives tend to be older and prefer print documents, especially for official correspondence, and both attacks encouraged the potential victims to open PDFs. (Photo by NOAA)
