Fake Facebook login phishing passwords

Yesterday, one of my Facebook friends sent an email to all his friends with the subject of “Funniest video EVER – A monkey smoking a cigarette!”. In the message was a link to a .info site. When I clicked there, I was sent to a page that looked like I hadn’t logged into Facebook yet, asking me to log in. Being the “trusting” person I am, I looked at the URL and noticed it said login-facebook.info and not facebook.com. This was clearly a site trying to confuse me into typing my real Facebook username and password into the forms so that they could then log in as me and do nasty things.

Wikipedia has a great description of phishing, which is what is happening here. “In computing, phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.”

Once they can log in as you, they can contact all your friends in a way that your friends will trust as coming from you, and download all the semi-private information that you have stored on Facebook. Most Facebook accounts hold a wealth of information, along with access to other people’s information. That information can then be combined with other information for further attacks, including “identity theft”.

Please watch very closely what URL you are at when you are asked for usernames and passwords, or where any scripting is in place. If you are a Firefox user I recommend using the NoScript extension so that you can control what sites you will run scripts from. You should only run scripts from known trusted sites, and not simply to look at some ‘cool video’ someone said you should check out. There are likely equivalents to NoScript for other browsers, although I would always avoid using Internet Explorer given the design philosophy at Microsoft isn’t to give you control over your computing experience (often they design the software to retain control over your computer, with their “Trusted Computing” platform being only one set of examples).
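The URL check described above can also be done in code, for example in a mail filter or link scanner. This is an added example, not part of the original post; the function name, the constants and the sample links are assumptions constructed for illustration, using the two domains from the story. It shows why the hostname has to be compared as a whole rather than searched for the word "facebook".

```javascript
// Added example: decide whether a link really points at the site that is
// allowed to ask for the password. TRUSTED_DOMAIN and BRAND are assumptions
// taken from the post (facebook.com versus login-facebook.info).
const TRUSTED_DOMAIN = "facebook.com";
const BRAND = "facebook";

function classifyLoginUrl(link) {
  let url;
  try {
    url = new URL(link); // WHATWG parser, the same rules a browser applies
  } catch (err) {
    return { verdict: "invalid", host: null };
  }
  // hostname is lower-cased and excludes any "user@" prefix and port;
  // strip a trailing root dot so "facebook.com." compares equal.
  const host = url.hostname.replace(/\.$/, "");
  // Trusted only if the host IS the domain or ends with ".<domain>".
  // A plain substring or endsWith("facebook.com") test would accept
  // "notfacebook.com" and "login-facebook.info".
  if (host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN)) {
    return { verdict: "trusted", host };
  }
  // The brand name inside some other domain is the lookalike pattern
  // described in the post.
  if (host.includes(BRAND)) {
    return { verdict: "lookalike", host };
  }
  return { verdict: "untrusted", host };
}

// Constructed sample links (not taken from a real campaign).
const samples = [
  "https://www.facebook.com/login.php",
  "http://login-facebook.info/",
  "http://facebook.com.login-facebook.info/",
  "http://www.facebook.com@login-facebook.info/video",
  "http://notfacebook.com/",
  "http://example.org/",
];
for (const link of samples) {
  const { verdict, host } = classifyLoginUrl(link);
  console.log(`${verdict.padEnd(10)} ${host}  <-  ${link}`);
}
```

The check does not catch lookalikes that avoid the literal brand string (misspellings or internationalized homoglyph domains); those fall into the "untrusted" bucket, which should still never receive a password.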
