backtop


Print 19 comment(s) - last by bplewis24.. on May 7 at 2:43 PM

Facebook says it will pursue legal action against attacker

The use of social networking websites is skyrocketing. At first, social networking was mostly the realm of college students and teens looking to stay connected with friends. Social networks like Facebook have now been adopted as tools for business and users of all ages access the site.

Recently, the Pentagon even started to make use of social networking sites like Twitter and Facebook to help attract recruits for military service. With the skyrocketing success of Facebook, it's no surprise that success has led to undesirable elements being attracted to the website as well.

Last week Facebook was besieged by phishing attacks from a website called FBaction.net. The nefarious attack delivered messages to a Facebook friends list telling the users to check out a link. The link led to a fake Facebook page where users were tricked into entering their Facebook username and password.

Facebook says that is has now taken steps to stop the phishing attacks and to prevent users from accessing the FBaction.net website. Facebook says that it has given the site URL to MarkMonitor, a service that Facebook uses for security and around the clock monitoring and prevention of attacks on its network.

Facebook threat analyst Ryan McGeehan said, "Our deep commitment to the safety of our users requires a strong proactive security strategy, best-of-breed technology, and active engagement with industry leaders. MarkMonitor demonstrated that it understood the complexity of the phishing issue we were facing, so it was a natural next step for us to bolster our own security systems with their anti-malware solution."

Facebook says that it intends to pursue legal action against the owners of FBaction.net and that Facebook employees are resetting the passwords of users that were affected by the phishing attacks.

MarkMonitor CMO Frederick Felman said, "The meteoric success of Facebook makes it a natural target for malware attacks that seek to capitalize on their trusted and recognizable brand. Our experience protecting Fortune 500 companies, as well as our close day-to-day interaction with Facebook's own dedicated security team, allows us to expertly address Facebook's concerns about malware and phishing, and to help protect their platform and their users from ongoing attacks."



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Tricked?
By bplewis24 on 5/4/2009 11:26:11 AM , Rating: 3
quote:
The nefarious attack delivered messages to a Facebook friends list telling the users to check out a link. The link led to a fake Facebook page where users were tricked into entering their Facebook username and password.


Geez, people (who use facebook) still fall for this?

Brandon




RE: Tricked?
By jamesbond007 on 5/4/2009 11:57:31 AM , Rating: 5
Most of the users on the entire Internet still fall for phishing attempts like this. It's not news, it's a shame.


RE: Tricked?
By quiksilvr on 5/4/2009 2:23:02 PM , Rating: 2
Electronic Darwinism.


RE: Tricked?
By maverick85wd on 5/4/2009 3:44:41 PM , Rating: 5
clearly these people need to switch to a Mac, since it's superior security would protect them from any malicious links

sorry, couldn't resist :)


RE: Tricked?
By spuddyt on 5/4/2009 12:18:22 PM , Rating: 2
I think I know plenty of people who would fall for that - assuming the phony webpage was made to look very convincing what have they got (assuming they are ignorant to what a phishing attack is) to tell them it is a scam?


RE: Tricked?
By borismkv on 5/4/2009 1:25:27 PM , Rating: 2
Well, the address bar is usually a freakin clue.


RE: Tricked?
By leexgx on 5/4/2009 3:02:34 PM , Rating: 3
with IE8 it grays out all but the domain address

dailytech.com < is norm black and the other part of the link is gray untill you hover over it then it all goes back to all black font untill you move your mouse off it, even firefox and opera do not do this yet


RE: Tricked?
By HeelyJoe on 5/4/2009 4:36:20 PM , Rating: 2
Maybe because it's absolutely useless?


RE: Tricked?
By Jackattak on 5/4/2009 6:29:11 PM , Rating: 1
+1


RE: Tricked?
By Motoman on 5/4/2009 4:23:17 PM , Rating: 2
...presuming you're one of the 1% of all internet users who has any idea what a URL is, and/or what it should look like.


RE: Tricked?
By bplewis24 on 5/7/2009 2:43:52 PM , Rating: 2
lol...

Brandon


kids
By Screwballl on 5/4/2009 10:36:23 AM , Rating: 4
all these kids really need their password protected against people wanting to steal their spring break pictures of their visit to the mall...




RE: kids
By Bremen7000 on 5/4/2009 12:24:32 PM , Rating: 3
Or use the same login for their school/bank/email account and do real damage.


Darwin?
By anonymo on 5/4/2009 10:57:50 AM , Rating: 5
I'm of the opinion that phishing sites cleanse the unwanted filth from our precious social oases.




Hypocrties
By Shida on 5/4/09, Rating: -1
RE: Hypocrties
By Smilin on 5/4/2009 2:59:13 PM , Rating: 2
quote:
No I don't use the service but it's just amazing how a lot of people are willing to trust their personal information to a company if it just simply promises that they will be a-ok and that nothing will hurt them. Along with some complimentary pillow and blanket.


What personal information?

It's not like you have a credit card number or your SSN in your facebook account. The only information they have is the same stuff that's printed on the outside of the junkmail that arrives in my mailbox every day: Name, address.


RE: Hypocrties
By smackababy on 5/4/2009 3:13:22 PM , Rating: 2
The information on the outside of the junk mail was sold by some company you gave personal information to. And besides, I would not be surprised if people used the same password/email for their facebook accounts that they use for their bank, email, and anything else important.


RE: Hypocrties
By Smilin on 5/5/2009 11:07:15 AM , Rating: 2
The point is that "giving your personal information to facebook" is not some horrible idea. It's just not very damaging information. Your name and address (should you publish that in facebook) is already known unless you're a hermit who has never applied for a loan, subscribed to a magazine, have a credit report, etc..

I'll trust facebook with the information I've given them. Not because I actually trust facebook, but because the information is just not that valuable and can be obtained from other sources with much less effort.

If you use the same user/pass for facebook as you do your bank then that's your own fault.


RE: Hypocrties
By Gumby16 on 5/5/2009 3:11:44 PM , Rating: 1
Since you're likely unaware and think that all people run around handing over personal information, remember that your information is being sold to 3rd parties by your bank, your credit card company, your magazine subscriptions...the list goes on and on. What Facebook asks for is already public information easily obtained from rental agreements, mortgage documents, court records, tax filings, and the phone book. You're not handing over highly sensitive credit card numbers, PIN numbers, social security numbers, or anything like that. Truth is, yes, people just stuff their passwords and usernames into boxes without thinking about it because everyone requires it and, on the front, a website is a website. Most people can't tell a real from a fake and most don't have the inclination to learn. Sad but true. Also- you have a valid point that Facebook only cares about privacy when it suits them. But in the interest of full disclosure they aren't doing anything different than all the other companies. That doesn't make it right, of course, but it means we need to be concerned with these practices among ALL businesses, not just internet companies.


"Spreading the rumors, it's very easy because the people who write about Apple want that story, and you can claim its credible because you spoke to someone at Apple." -- Investment guru Jim Cramer

Related Articles













botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki