By Mark Huffman
November 4, 2009
Facebook users are being warned about another phishing scam. This one aims to trick users into providing their email address and password, then hijacks the account to make unauthorized posts.
For example, if a victim provides their login information, the virus executes a program that posts 25 messages on the walls of the user's friends. If the user tries to delete the wall posts, the program automatically posts more messages.
The victims are tricked into executing the virus by clicking on a link, preceded by the question, "Hi, is this you?"
It's not known if this latest scam is related to another phishing scheme that surfaced last week and appears to be more sinister in nature. That scheme also tries to steal user names and passwords by claiming to be a message from Facebook about enhanced security. It purportedly takes users to a site where they can update their security.
However, victims who follow through with the scammers' request are in for a nasty surprise. They are prompted to download an "update tool" that, in reality, is the Zeus Trojan, malware that hackers use to steal bank account information.
Computer security experts have been following the progress of the Facebook phishing campaign and describe it as widespread. AppRiver said at one point it was tracking more than one thousand spam messages per minute per domain.
Because of the increase in phishing attacks launched through social networking sites, many companies are discouraging or prohibiting employees from visiting these sites at work. According to an October study commissioned by Robert Half Technology, an IT staffing company, 54 percent of U.S. companies have told employees to stay away from social networking sites like Twitter, Facebook, LinkedIn and MySpace while on the job.