On Facebook I’ve started to see and receive a ton of new spam from friends whose accounts have been hijacked.  I went on one of the phishing sites and was amazed at how similar it looks to Facebook.  I noticed immediately, because I saw nothing at all (thank you NoScript – link below), that the page contents are written by JavaScript through document.write(unescape(…..)).  fanebook, a phishing site, writes the entire page’s contents through JavaScript.  Of course, the string is escaped, so unless you can unescape all that in your head, you have to unescape it with JavaScript to see what it really writes:
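The decoding step described above, as an added example that is not code from the original post or from the phishing page: it pulls the string out of a `document.write(unescape('…'))` wrapper, applies the same percent-decoding that the legacy `unescape()` does, and then reports where any `<form>` in the decoded markup would post to, which is the first thing worth checking on a suspected login page. The sample script and the `example-lookalike.invalid` host are constructed for the example.

```javascript
// Added example (not from the original post): decode the kind of
// document.write(unescape('...')) wrapper the post describes, so the
// real markup can be read and checked offline instead of executed.

// Minimal re-implementation of the legacy JavaScript unescape():
// %uXXXX -> UTF-16 code unit, %XX -> byte value; anything else is kept.
function legacyUnescape(s) {
  return s.replace(/%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})/g, (m, u, b) =>
    String.fromCharCode(parseInt(u !== undefined ? u : b, 16)));
}

// Pull every document.write(unescape('...')) / ("...") payload out of
// a script's source text and return the decoded strings.
function extractWrittenHtml(scriptSource) {
  const re = /document\.write\s*\(\s*unescape\s*\(\s*(['"])((?:\\.|(?!\1)[^\\])*)\1\s*\)\s*\)/g;
  const out = [];
  let m;
  while ((m = re.exec(scriptSource)) !== null) {
    out.push(legacyUnescape(m[2]));
  }
  return out;
}

// From decoded HTML, list the hosts that <form action> attributes post to.
// Relative actions are resolved against the site the page claims to be.
function formActionHosts(html) {
  const hosts = [];
  const re = /<form\b[^>]*\baction\s*=\s*(['"]?)([^'"\s>]+)\1/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    try {
      hosts.push(new URL(m[2], 'https://www.facebook.com/').hostname);
    } catch (e) {
      hosts.push(m[2]); // keep the raw value if it is not a parseable URL
    }
  }
  return hosts;
}

// Summarise a page's script: how many opaque write calls it contains,
// where the decoded forms post, and the decoded markup itself.
function analyse(scriptSource) {
  const pages = extractWrittenHtml(scriptSource);
  const html = pages.join('\n');
  return { writeCalls: pages.length, actionHosts: formActionHosts(html), html };
}

// Constructed sample (hypothetical): a login form hidden behind unescape(),
// posting to a placeholder lookalike domain, not a real site.
const SAMPLE = "document.write(unescape('%3Cform%20method%3D%22post%22%20action%3D%22http%3A%2F%2Flogin.example-lookalike.invalid%2Flogin.php%22%3E%3Cinput%20name%3D%22email%22%3E%3C%2Fform%3E'))";

console.log(analyse(SAMPLE));
```

Run it with `node` and read the `actionHosts` field: a page that claims to be Facebook but whose only form posts somewhere else is the tell, and you get that answer without ever letting the script run in a browser.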

Click here to see a text file with the HTML commented out

Then I wondered, whois fanebook.com (202.111.175.39)?

Click here to see the results

Screenshots

The similarities in appearance between the phishing site’s login page and Facebook’s are remarkable, but it looks like fanebook is a little behind, as the page appears to be from February 07, 2008.

Fanebook

Notice the incorrect URL, copyright date, footer and the presence of the Tour link; the source is also a dead giveaway.  It links to the real facebook.com in several places.

Facebook

How to avoid falling for a Facebook phishing scam

  • Don’t go to links posted by people on your wall, especially if you go to their profile and they have sent the same message to several other people.
  • www.facebook.com.xxxxxxxxx.xxxxxxxxxxx.cn is not a Facebook site
  • Use some kind of phishing filter or related extension like WOT for Firefox.  NoScript can help, as well.
  • If you already logged into Facebook and see a prompt to login again, don’t.
  • If you think that your account was hijacked, make a new password immediately.  Sometimes the phishing sites redirect you to Facebook itself so you think you logged in successfully.
  • Always check the URL before entering your credentials
  • You can use a password manager (but not Internet Explorer’s) that will enter your password automatically.  If you see a site that looks like Facebook but Firefox doesn’t fill in your password, then it is fake.
  • If you suspect it is a fake, don’t sign in, or at least look at the source code first.  If it looks completely unintelligible then it is fake.
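The “check the URL” advice above, as an added example (not code from the original post): a function that parses the address and accepts it only when the host is `facebook.com` or a subdomain of it, so a host that merely contains the name, like the `www.facebook.com.xxxxxxxxx.xxxxxxxxxxx.cn` pattern quoted above, is rejected. Requiring HTTPS and the trusted-domain list are assumptions of the example.

```javascript
// Added example (not from the original post): the URL check the list above
// says to do by eye, done with the URL parser so lookalike hosts are rejected.

// Registrable domains treated as genuine (assumption of this example).
const TRUSTED_DOMAINS = ['facebook.com'];

function isTrustedLoginUrl(urlString) {
  let url;
  try {
    url = new URL(urlString);
  } catch (e) {
    return false; // not even a parseable URL
  }
  if (url.protocol !== 'https:') return false; // assumption: real login is HTTPS only
  // URL normalises the host to lowercase ASCII (punycode for IDNs); drop a trailing dot.
  const host = url.hostname.replace(/\.$/, '');
  // Genuine only if the host IS the trusted domain or ends with ".<domain>".
  // "www.facebook.com.xxx.cn" contains the name but does not end with ".facebook.com".
  return TRUSTED_DOMAINS.some(d => host === d || host.endsWith('.' + d));
}

// Classify a batch of addresses; handy for checking links pasted on a wall.
function classify(urls) {
  return urls.map(u => ({ url: u, trusted: isTrustedLoginUrl(u) }));
}

// Constructed samples: the real login, the pattern quoted in the post,
// the fanebook domain named in the post, and a plain-HTTP variant.
const SAMPLE_URLS = [
  'https://www.facebook.com/login.php',
  'https://www.facebook.com.xxxxxxxxx.xxxxxxxxxxx.cn/login.php',
  'http://fanebook.com/',
  'http://www.facebook.com/login.php',
];

console.log(classify(SAMPLE_URLS));
```

The point of going through the parser rather than `indexOf('facebook.com')` is that the parser decides what the host actually is; a substring check would have passed the `.cn` address.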

1 Comment

Matt Bigelow » Blog Archive » Watch out for the ‘Fanebook’ Facebook forgery · August 18, 2008 at 7:32 AM

[…] (Here are a few other examples of warnings at Weblog.com.np, hem.com and Pi’s blog. […]
