Facebook a Platform for Phishing Scam – Websense

Bob Styran, IT audit expert
December 02, 2010

Websense, an IT security vendor, has uncovered another phishing scam that redirects Facebook users to phishing pages that ask for credit card numbers, passwords and other personal information.

Various services now use the social networking site to display phishing pages so that they appear safe to users, according to Websense.

Websense noted that in some instances, Facebook users receive email messages that appear to come from Facebook Security and ask them to confirm their accounts.

Patrik Runald, a senior manager of security research with Websense, said the phishing scam is no different from the usual phishing pages users see daily, except that this one exploits Facebook as the platform through the use of an iframe.

This scheme helps the phishing scam appear to be “more legitimate than a site hosted on another domain,” he said in his blog.

Runald added that in some other cases, Facebook users are redirected to phishing pages through a script that comes from a URL found at the end of the phishing email. He said this URL first sends users to the Facebook site before redirecting them to the phishing pages.

Runald said it is difficult for average users to figure out that the email contains malicious content because it points to a legitimate Facebook URL.

He added that anti-spam solutions and web content filtering products that rely heavily on URL filtering will have trouble classifying the content of the phishing scam because the Facebook URL is valid.

 
