A “spear-phishing” campaign has been identified by Facebook that used compromised email accounts to scrape information from Friends Lists on the site.
Affected Facebook users have reported receiving targeted spam messages that had been sent to personal email addresses registered to their Facebook account.
The “spear-phishing” emails posed as messages from friends and family of Facebook users. They referred to the intended victim by name and included a link to a website controlled by the perpetrator, exploiting the victim’s tendency to click on a link that appears to have originated from a trustworthy source.
Facebook has received reports of the glitch from users and states that it has since enhanced its scraping protection to protect against the “spear-phishing” attacks; however, it also states that there has been neither a compromise of Facebook nor a leak of private information.
The following recommendations are made to protect accounts whilst Facebook resolves the issue:
• Review the Facebook account security settings and enable login notifications.
• Do not click on strange links, even those from Facebook friends, and if you receive something suspicious, notify the apparent sender through another reliable channel.
• Hover over a link without clicking on it to see the full URL of the true destination of the link.
• Don’t access the links provided in an email from Facebook, a message or a chat if you suspect that it may not be authentic or that the sender is not trusted; instead, navigate directly to the website.
• Any email requesting login or financial information should not be trusted.
• Do not accept Facebook friend requests from parties who are unknown.
• If you access Facebook from public places, such as hotels or airports, text “otp” to 32665 to obtain a one-time password for your account.
3rd September 2012
About Athena Forensics
For information on our digital forensic services, or if you require any advice or assistance, please contact a member of our team on 0845 882 7386 or via email on firstname.lastname@example.org. Further details are available on our contact us page.
Our clients’ confidentiality is of the utmost importance. All correspondence is treated with discretion, from initial contact to the conclusion of any computer forensics investigation.
Our digital forensics experts are fully aware of the significance and importance of the information that they encounter and we have been accredited to ISO 9001 for 10 years.
Our forensic experts are all security cleared and we offer non-disclosure agreements if required. Our premises along with our security procedures have been inspected and approved by law enforcement agencies.
Athena Forensics do not disclose personal information to other companies or suppliers.