Facebook Apps Gone Wild – Rampaging Phishing Facebook Applications Stealing Usernames and Passwords

The Internet Patrol - Patrolling the Internet for You

 

A plague of rogue Facebook applications that are stealing user credentials – such as usernames and passwords – has been sweeping Facebook in the past week.

The phishing Facebook apps work the same way that many other applications do, including sending an email to your Facebook friends with links to click on (such as, say, to see a comment left by a friend). Only these links take you to a phishing copy of Facebook, and when you type in your username and password, BAM! Your login credentials have been stolen.

[Ed. note: Could this be what happened to Tracy Turkish Brooks and her “other pussy” on Facebook?]


According to reports, it seems that Facebook is playing whack-a-phish with them – as soon as they identify and disable the dastardly applications, more crop up to take their place. And confoundingly, the applications can take the name of, and look very similar to, other existing legitimate applications.

For example, the first six identified last week had names like Inbox, Birthday Invitations, Your Photos, and Posts.

Last Thursday, after Facebook had disabled six such applications, five more cropped up to take their place; those new bad apps included applications called:

Friends Gifts
Matching
Pok
Your Photos
Friends

All of the new five were disabled by the end of that day too, but not, of course, before they had tricked countless users, and snagged countless passwords.

The issue was first brought to light by security outfit Trend Micro. Said Trend Micro’s Rik Ferguson, “The new rogue apps take the same format as previously but use different application icons, have slightly more credible notifications to your friends and also now feature bogus notifications to the profile owner, presumably in an effort to persuade the victim to install further apps and maximise the fraudsters’ advertising returns.”

 

Facebook has committed that they “will continue to ensure that all applications on Facebook Platform comply with Facebook policies.”

This is one more example of just why you shouldn’t click on links embedded in email or, at the very least, why you should first hover your mouse over the link (if your mail program offers the capability) to see what the real link is.

In addition, Ferguson recommends regularly culling your Facebook account for applications you no longer use, and deleting them, and we think that’s darned good advice.

2 thoughts on “Facebook Apps Gone Wild – Rampaging Phishing Facebook Applications Stealing Usernames and Passwords”

  1. But the users are not always to blame. When my computer had a hard disk breakdown and came back with a new hd installed they had put in a four-letter name (mine mis-spelled, but common in this country) and pswd and as it was Linux I had the greatest difficulty in changing it, even with their help! Another approach is to mix not only letters and numbers but also languages if you know a few…

  2. This is one of those “…lead a horse to water…” issues. Having worked in IT for (too many) years, nearly everyone I know uses the most simple password they can think of. I don’t see that changing anytime soon. I’d like to see it mandatory that all passwords be a minimum of 8 characters, upper-lower case and at least one symbol character.
