New Facebook phishing attack uses 'fake' Yahoo Philippines email

A "bogus-looking" Yahoo Philippines email may be used in a new wave of phishing attacks targeting Facebook users, according to a report on Forbes.com.

Forbes said Facebook has discovered a "single isolated campaign" using compromised email accounts to gain information taken from Friend Lists.

"(We have) discovered a single isolated campaign that was using compromised email accounts to gain information scraped from Friend Lists due to a temporary misconfiguration on our site," Forbes quoted Facebook as saying in a statement released to it.

It said the new attack poses as users' friends and family to trick them into clicking on potentially dangerous links.

Forbes said Facebook has since enhanced its scraping protectins to thwart similar tricks.

"To be clear, there was neither a mass compromise of Facebook accounts nor any leak of private information," it quoted Facebook as saying.

The Forbes report said the new spear-phishing campaign makes the email appear to come from a close friend or family member, and address the victim by name in the subject line or body of the message.

It also includes a link to a website controlled by the spammers.

"They exploit the fact that you’re more likely to click on strange links if they’re sent by a trusted friend," Forbes said.

Forbes.com staff David Ewalt, who wrote the report, said he received two such spear-phishing messages last week at his personal email address he registered with his Facebook account.

"In both cases, the sender appeared to be someone I interact with on Facebook, and the subject line was personalized ('for David'). But when I checked the email’s header fields, I saw that while my friend’s name was in the 'From:' field, the originating address wasn’t their usual account; instead, it was a bogus-looking Yahoo! Philippines email," he said.

Forbes also quoted Johannes Ullrich, chief research officer for the SANS Institute, as saying the number of spam attacks using data collected from social networks has ramped up in recent weeks.

“Automating these attacks is easier then before ... Having millions of users connected to the same [programming interface] creates a rather easy opportunity to harvest this information. The process is also aided by Facebook’s confusing privacy settings. They have improved, but still many users don’t realize what they share and who they share with,” Ullrich said.

Facebook recommended that users take the following steps:

Review security settings and consider enabling login notifications. Don’t click on strange links, even if they’re from friends, and notify the person if you see something suspicious. Don’t accept on friend requests from unknown parties. Report scams so they can be taken down. Don’t download apps you are not certain about. When accessing Facebook from places like hotels and airports, text 'otp' to 32665 to receive a one-time password to your account.

— TJD, GMA News

Editor’s note:Yahoo Philippines encourages responsible comments that add dimension to the discussion. No bashing or hate speech, please. You can express your opinion without slamming others or making derogatory remarks.

  • Lenten procession more than just a spectacle VERA Files - The Inbox

    Text and photos by Kiersnerr Gerwin Tacadena, VERA Files Baliuag, Bulacan--This town is hosting what could be the country’s biggest Lenten procession consisting of more than 100 religious statues riding on carriages or carrozas. But concerns are being raised that … Continue reading → …

  • Holy Week in Mt Banahaw: Mysticism meets Catholicism VERA Files - The Inbox

    Text and photos by Patricia Isabel Gloria, VERA Files Dolores, Quezon—Around this time each year, hundreds of devotees flock to Barangay Sta. Lucia in Dolores, Quezon on the slopes of Mount Banahaw to celebrate Holy Week. Here, mysticism meets Catholicism, … Continue reading → …

  • Simbang lakad for Lolo Uweng VERA Files - The Inbox
    Simbang lakad for Lolo Uweng

    By April Anne Benjamin, VERA Files San Pedro, Laguna--For 14 Maundy Thursdays now, Inding Amoranto has prayed the rosary while walking the eight-kilometer distance from her house to the Shrine of Jesus in the Holy Sepulcher in the village of … Continue reading → …

POLL
Loading...
Poll Choice Options