Facebook Apps Gone Wild – Rampaging Phishing Facebook Applications Stealing Usernames and Passwords

A plague of rogue Facebook applications that are stealing user credentials – such as usernames and passwords – has been sweeping Facebook in the past week.

The phishing Facebook apps work the same way that many other applications do, including sending an email to your Facebook friends with links to click on (such as, say, to see a comment left by a friend). Only these links take you to a phishing copy of Facebook, and when you type in your username and password, BAM! Your login credentials have been stolen.

[Ed. note: Could this be what happened to Tracy Turkish Brooks and her “other pussy” on Facebook?]

According to reports, it seems that Facebook is playing whack-a-phish with them – as soon as they identify and disable the dastardly applications, more crop up to take their place. And confoundingly, the applications can take the name of, and look very similar to, other existing legitimate applications.

For example, the first six identified last week had names like Inbox, Birthday Invitations, Your Photos, and Posts.

Last Thursday, after Facebook had disabled six such applications, five more cropped up to take their place; those new bad apps included applications called:

Friends Gifts
Matching
Pok
Your Photos
Friends

All of the new five were disabled by the end of that day too, but not, of course, before they had tricked countless users, and snagged countless passwords.

The issue was first brought to light by security outfit Trend Micro. Said Trend Micro’s Rik Ferguson, “The new rogue apps take the same format as previously but use different application icons, have slightly more credible notifications to your friends and also now feature bogus notifications to the profile owner, presumably in an effort to persuade the victim to install further apps and maximise the fraudsters’ advertising returns.”

Facebook has committed that they “will continue to ensure that all applications on Facebook Platform comply with Facebook policies.”

This is one more example of just why you shouldn’t click on links embedded in email, or, at the very least, if your mail program offers the capability, hover your mouse over the link to see what the real link is.

In addition, Ferguson recommends regularly culling your Facebook account for applications you no longer use, and deleting them, and we think that’s darned good advice.


2 thoughts on “Facebook Apps Gone Wild – Rampaging Phishing Facebook Applications Stealing Usernames and Passwords”

  1. But the users are not always to blame. When my computer had a hard disk breakdown and came back with a new hd installed they had put in a four-letter name (mine mis-spelled, but common in this country) and pswd and as it was Linux I had the greatest difficulty in changing it, even with their help! Another approach is to mix not only letters and numbers but also languages if you know a few…

  2. This is one of those “…lead a horse to water…” issues. Having worked in IT for (too many) years, nearly everyone I know uses the most simple password they can think of. I don’t see that changing anytime soon. I’d like to see it mandatory that all passwords be a minimum of 8 characters, upper-lower case and at least one symbol character.
