New Facebook phishing attack uses 'fake' Yahoo Philippines email

A "bogus-looking" Yahoo Philippines email may be used in a new wave of phishing attacks targeting Facebook users, according to a report on Forbes.com.

Forbes said Facebook has discovered a "single isolated campaign" using compromised email accounts to gain information taken from Friend Lists.

"(We have) discovered a single isolated campaign that was using compromised email accounts to gain information scraped from Friend Lists due to a temporary misconfiguration on our site," Forbes quoted Facebook as saying in a statement released to it.

It said the new attack poses as users' friends and family to trick them into clicking on potentially dangerous links.

Forbes said Facebook has since enhanced its scraping protectins to thwart similar tricks.

"To be clear, there was neither a mass compromise of Facebook accounts nor any leak of private information," it quoted Facebook as saying.

The Forbes report said the new spear-phishing campaign makes the email appear to come from a close friend or family member, and address the victim by name in the subject line or body of the message.

It also includes a link to a website controlled by the spammers.

"They exploit the fact that you’re more likely to click on strange links if they’re sent by a trusted friend," Forbes said.

Forbes.com staff David Ewalt, who wrote the report, said he received two such spear-phishing messages last week at his personal email address he registered with his Facebook account.

"In both cases, the sender appeared to be someone I interact with on Facebook, and the subject line was personalized ('for David'). But when I checked the email’s header fields, I saw that while my friend’s name was in the 'From:' field, the originating address wasn’t their usual account; instead, it was a bogus-looking Yahoo! Philippines email," he said.

Forbes also quoted Johannes Ullrich, chief research officer for the SANS Institute, as saying the number of spam attacks using data collected from social networks has ramped up in recent weeks.

“Automating these attacks is easier then before ... Having millions of users connected to the same [programming interface] creates a rather easy opportunity to harvest this information. The process is also aided by Facebook’s confusing privacy settings. They have improved, but still many users don’t realize what they share and who they share with,” Ullrich said.

Facebook recommended that users take the following steps:

Review security settings and consider enabling login notifications. Don’t click on strange links, even if they’re from friends, and notify the person if you see something suspicious. Don’t accept on friend requests from unknown parties. Report scams so they can be taken down. Don’t download apps you are not certain about. When accessing Facebook from places like hotels and airports, text 'otp' to 32665 to receive a one-time password to your account.

— TJD, GMA News

Loading...

Editor’s note:Yahoo Philippines encourages responsible comments that add dimension to the discussion. No bashing or hate speech, please. You can express your opinion without slamming others or making derogatory remarks.

  • Phl aviation has met int’l safety standards – CAAP
    Phl aviation has met int’l safety standards – CAAP

    The Civil Aviation Authority of the Philippines (CAAP) said that the country’s aviation has met international safety standards and is currently being reviewed by the European Union. Members of the EU delegation recently made a courtesy call on CAAP Director General William Hotchkiss III. Beda Badiola, CAAP’s Flight Standards and Inspectorate Service chief, said all air carriers in the country have followed regulations that the agency was able to oversee properly according to standards. “They …

  • Absence of full-time PNP chief affecting police services
    Absence of full-time PNP chief affecting police services

    Despite the pronouncement of the leadership of the Philippine National Police that it’s business as usual, some basic services are undeniably affected by the absence of a full-time PNP chief, particularly the issuance of gun permits. The PNP had deferred the issuance of permits to carry firearms outside residence (PTCFOR) since Dec. 3, a day before the Office of the Ombudsman slapped a six-month suspension on former PNP chief Director General Alan Purisima, who is facing plunder charges. …

  • Expanded Phl-US war games start today
    Expanded Phl-US war games start today

    The Philippines and the United States will kick off today this year’s Balikatan military exercises amid concerns over China’s reclamation activities in disputed areas in the West Philippine Sea. More than 11,000 Filipino and American troops will join the drills to be held simultaneously in different locations until April 30. …

  • Budol-budol, dugo-dugo scams now online
    Budol-budol, dugo-dugo scams now online

    Authorities warned the public yesterday to be more careful in dealing with people they meet online as the “budol-budol” and “dugo-dugo” gangs have expanded their deceptive operations on social media. Senior Inspector Robert Reyes, assistant chief of the Philippine National Police’s Anti-Cybercrime Group (ACG) investigation section, said online financial fraud is one of the emerging forms of scams in the country. Reyes said scam operators are looking for prospective victims online through …

  • Noy wants next PNP chief to serve beyond his term
    Noy wants next PNP chief to serve beyond his term

    President Aquino is inclined to name a new Philippine National Police (PNP) chief who can serve beyond the 2016 elections. Speaking to reporters at the Tarlac National High School before the weekend, Aquino said he was bewildered by the amended PNP Act that requires all deputies of the PNP chief to serve or stay at least one year in his post. Among the contenders for PNP chief are Deputy Director General Marcelo Garbo Jr., suspended Chief Superintendent Raul Petrasanta and Director Juanito …

  • ‘Stronger global action sought on China moves’
    ‘Stronger global action sought on China moves’

    Stronger international action is needed to counter China’s rapid reclamation activities in the West Philippine Sea, Speaker Feliciano Belmonte Jr. said yesterday. Belmonte noted that statements of condemnation from global powers on the continued encroachment of China in the disputed waters have been ineffectual. He added that China’s blatant expansion activities are making the problem not just a regional security problem, but a global one. “China is obviously violating our territory in front …

  • MILF refusal to surrender fighters jeopardizing talks
    MILF refusal to surrender fighters jeopardizing talks

    Leaders of the House of Representatives renewed their call yesterday to the Moro Islamic Liberation Front (MILF) to surrender its fighters allegedly involved in the killing of 44 police commandos in Mamasapano, Maguindanao last Jan. 25. Leyte Rep. Ferdinand Martin Romualdez, leader of the House independent bloc, said the continued refusal of MILF leaders to turn over their men is causing the further erosion of support for the proposed Bangsamoro Basic Law (BBL) in Congress. “I hope the MILF …

  • China ignores global outcry vs reclamation
    China ignores global outcry vs reclamation

    On Wednesday, G-7 foreign ministers issued a Declaration on Maritime Security expressing alarm over “unilateral actions, such as large scale land reclamation, which change the status quo and increase tensions” in the region. In their communiqué, which did not specifically mention China, the ministers expressed belief that reclamation activities were meant to “change the status quo” in the West Philippine Sea and South China Sea, through which 40 percent of global trade passes. …

POLL

Should Aquino be held accountable over the Mamasapano operations?

Loading...
Poll Choice Options