A plague of rogue Facebook applications that are stealing user credentials – such as usernames and passwords – has been sweeping Facebook in the past week.
The phishing Facebook apps work the same way that many other applications do – including sending an email to your Facebook friends with links to click on (such as, say, to see a comment left by a friend). Only the links take you to a phishing copy of Facebook, and when you type in your username and password, BAM! Your login credentials have been stolen.
[Ed. note: Could this be what happened to Tracy Turkish Brooks and her “other pussy” on Facebook?]
According to reports, it seems that Facebook is playing whack-a-phish with them – as soon as they identify and disable the dastardly applications, more crop up to take their place. And confoundingly, the applications can take the name of, and look very similar to, other existing legitimate applications.
For example, the first six identified last week had names like Inbox, Birthday Invitations, Your Photos, and Posts.
Last Thursday, after Facebook had disabled six such applications, five more cropped up to take their place; those new bad apps included applications called:
All of the new five were disabled by the end of that day too, but not, of course, before they had tricked countless users, and snagged countless passwords.
The issue was first brought to light by security outfit Trend Micro. Said Trend Micro’s Rik Ferguson, “The new rogue apps take the same format as previously but use different application icons, have slightly more credible notifications to your friends and also now feature bogus notifications to the profile owner, presumably in an effort to persuade the victim to install further apps and maximise the fraudsters’ advertising returns.”
Facebook has committed that they “will continue to ensure that all applications on Facebook Platform comply with Facebook policies.”
This is one more example of just why you shouldn’t click on links embedded in email, or, at the very least, if your mail program offers the capability, hover your mouse over the link to see what the real link is.
In addition, Ferguson recommends regularly culling your Facebook account for applications you no longer use, and deleting them, and we think that’s darned good advice.