New Facebook phishing attack uses 'fake' Yahoo Philippines email

A "bogus-looking" Yahoo Philippines email may be used in a new wave of phishing attacks targeting Facebook users, according to a report on Forbes.com.

Forbes said Facebook has discovered a "single isolated campaign" using compromised email accounts to gain information taken from Friend Lists.

"(We have) discovered a single isolated campaign that was using compromised email accounts to gain information scraped from Friend Lists due to a temporary misconfiguration on our site," Forbes quoted Facebook as saying in a statement released to it.

It said the new attack poses as users' friends and family to trick them into clicking on potentially dangerous links.

Forbes said Facebook has since enhanced its scraping protectins to thwart similar tricks.

"To be clear, there was neither a mass compromise of Facebook accounts nor any leak of private information," it quoted Facebook as saying.

The Forbes report said the new spear-phishing campaign makes the email appear to come from a close friend or family member, and address the victim by name in the subject line or body of the message.

It also includes a link to a website controlled by the spammers.

"They exploit the fact that you’re more likely to click on strange links if they’re sent by a trusted friend," Forbes said.

Forbes.com staff David Ewalt, who wrote the report, said he received two such spear-phishing messages last week at his personal email address he registered with his Facebook account.

"In both cases, the sender appeared to be someone I interact with on Facebook, and the subject line was personalized ('for David'). But when I checked the email’s header fields, I saw that while my friend’s name was in the 'From:' field, the originating address wasn’t their usual account; instead, it was a bogus-looking Yahoo! Philippines email," he said.

Forbes also quoted Johannes Ullrich, chief research officer for the SANS Institute, as saying the number of spam attacks using data collected from social networks has ramped up in recent weeks.

“Automating these attacks is easier then before ... Having millions of users connected to the same [programming interface] creates a rather easy opportunity to harvest this information. The process is also aided by Facebook’s confusing privacy settings. They have improved, but still many users don’t realize what they share and who they share with,” Ullrich said.

Facebook recommended that users take the following steps:

Review security settings and consider enabling login notifications. Don’t click on strange links, even if they’re from friends, and notify the person if you see something suspicious. Don’t accept on friend requests from unknown parties. Report scams so they can be taken down. Don’t download apps you are not certain about. When accessing Facebook from places like hotels and airports, text 'otp' to 32665 to receive a one-time password to your account.

— TJD, GMA News

Loading...

Editor’s note:Yahoo Philippines encourages responsible comments that add dimension to the discussion. No bashing or hate speech, please. You can express your opinion without slamming others or making derogatory remarks.

  • Couple married 67 years holds hands in final hours together
    Couple married 67 years holds hands in final hours together

    FRESNO, Calif. (AP) — After spending 67 years together as devoted husband and wife, there was no question how Floyd and Violet Hartwig would end their lives — together. …

  • Lupita Nyong'o's $150,000 Oscars dress stolen from hotel
    Lupita Nyong'o's $150,000 Oscars dress stolen from hotel

    The $150,000 pearl-studded, custom-made Calvin Klein dress worn by Oscar-winning actress Lupita Nyong'o at this year's Academy Awards has been stolen, police said on Thursday. The gown, embellished with 6,000 natural white pearls, was stolen from Nyong'o's room at the London Hotel in West Hollywood, during the day on Wednesday, a spokesman for the Los Angeles County Sheriff's Department in West Hollywood said. "Ms Nyong'o was not in the room at the time of the theft," Deputy John Mitchell …

  • US-led strikes on IS after group seizes 220 Christians
    US-led strikes on IS after group seizes 220 Christians

    The US-led coalition has carried out air strikes against the Islamic State group in northeastern Syria, where the jihadists have launched a new offensive and kidnapped 220 Assyrian Christians. The raids on Thursday struck areas around the town of Tal Tamr in Hasakeh province, the Syrian Observatory for Human Rights said, without giving information on possible casualties. The town remains under the control of Kurdish forces, but at least 10 surrounding villages have been seized by IS, along …

  • Militants abduct more Christians, smash ancient artifacts
    Militants abduct more Christians, smash ancient artifacts

    BEIRUT (AP) — Islamic State militants seized more Christians from their homes in northeastern Syria in the past three days, bringing the total number abducted by the extremist group to over 220, activists said Thursday. …

  • 3 Pinays on Forbes power women list
    3 Pinays on Forbes power women list

    Three Filipina executives, who are all daughters of known business tycoons in the country, made it to Forbes’ list of the 50 most powerful businesswomen in Asia. Teresita Sy-Coson, vice chairman of SM Investments and chairman of BDO Universal Bank, was included in the list for the fourth year in a row since its inception. “Under her (Sy-Coson) lead SMIC became the largest listed company on the Philippine Stock Exchange by market cap. Also in the 2015 list is 70-year-old Helen Yuchengco-Dee, …

  • 13 of 15 SAF survivors to leave PNP hospital
    13 of 15 SAF survivors to leave PNP hospital

    Thirteen of the 15 Special Action Force (SAF) policemen who survived the bloody firefight with Muslim rebels in Mamasapano last month are ready to go home after a month of medical treatment, a police official said yesterday. Philippine National Police (PNP) spokesman Chief Superintendent Generoso Cerbo Jr. said the two remaining survivors will have to stay in hospital for further treatment, one of whom has shrapnel embedded near his spine. One of the two SAF commando survivors is still …

  • US sends spy plane to patrol disputed sea
    US sends spy plane to patrol disputed sea

    The United States has deployed its newest and most advanced surveillance aircraft for patrols over the West Philippine Sea and South China Sea. The P-8A Poseidon aircraft completed more than 180 flight hours from Feb. 1 to 21 from Clark Air Base, according to the US Navy’s 7th Fleet. …

  • Review: SKK Mobile V2, a P3,999 watered-down LG G2
    Review: SKK Mobile V2, a P3,999 watered-down LG G2

    How well does this P3,999 offering from an underdog in the local mobile industry stack up against the competition? Let's find out. …

POLL

Should Aquino be held accountable over the Mamasapano operations?

Loading...
Poll Choice Options