Thursday, December 8, 2011

Lies, Damned Lies, and Facebook Comments

In checking my Facebook newsfeed, I spotted a rather insensitive attempt at humor in one of my nephew’s status updates. This isn’t surprising; it runs in the family. What was surprising was that someone else had commented on his status saying “I can not believe you are in this with her. Wow.” There are numbers where the x’s are, but I don’t want people following the link. Yes, it points to an unsafe Facebook page that links to an unsafe Google page that redirects to a phishing page in Russia. The phishing page is down for now, but could reappear.

My nephew’s friends who clicked on the link were redirected to a page that looks like this.

The icon in the address bar looks like Facebook’s. The login screen looks like Facebook’s, but this is not Facebook at all. Any of my nephew’s friends who logged in here handed the bad guys their username and password.

Never, ever, ever log into anything from a link you clicked on in a Facebook comment. In fact, you should never log into Facebook unless you typed in the web site address yourself. Yes, that means you don’t click on a comment in an email and then log into your account; you log into your account by manually typing in the name of the web site.

The reality is that people’s Facebook accounts get compromised all the time. Just because something shows up as a friend saying it doesn’t mean the friend actually said it. Just because a link says something doesn’t make it so. For example, where would you expect this link to take you? Go ahead and click it, just don’t log in!
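The two tricks described above, a login page that merely looks like Facebook and link text that says one thing while the link goes somewhere else, can be checked mechanically. The following is an added example written for this page, not code from the original post: a small Node.js link checker that takes the text a user sees and the href the browser would actually follow, and reports the warning signs the post describes. It assumes facebook.com is the site the user intends to log into (`TRUSTED_SITE`), and the sample links at the bottom are constructed for the example rather than the real URLs from the post.

```javascript
// Added example, not part of the original post. Runs under Node.js
// (uses the global URL class). Flags links whose visible text, host,
// scheme or redirect parameter do not match the site the user expects.

const TRUSTED_SITE = 'facebook.com'; // assumption: the site the user means to log into

// True if host is exactly `site` or one of its subdomains.
function isTrustedHost(host, site = TRUSTED_SITE) {
  host = host.toLowerCase();
  return host === site || host.endsWith('.' + site);
}

// Pull a hostname out of visible link text when the text looks like a URL,
// e.g. "www.facebook.com" or "http://www.facebook.com/photos". Null otherwise.
function hostFromText(text) {
  const m = text.trim().match(/^(?:https?:\/\/)?([a-z0-9.-]+\.[a-z]{2,})(?:[\/?#]|$)/i);
  return m ? m[1].toLowerCase() : null;
}

// Classify one link. Returns a list of warnings; an empty list means none of
// these checks fired, which is not proof that the link is safe.
function checkLink(text, href) {
  let url;
  try {
    url = new URL(href);
  } catch (e) {
    return ['href is not a valid absolute URL: ' + href];
  }
  const warnings = [];
  const host = url.hostname.toLowerCase();
  const shownHost = hostFromText(text);

  // 1. The text displays one domain but the link goes to a different one.
  if (shownHost && !isTrustedHost(host, shownHost)) {
    warnings.push(`text shows ${shownHost} but link goes to ${host}`);
  }
  // 2. The host borrows the brand name without being the real site.
  if (host.includes(TRUSTED_SITE.split('.')[0]) && !isTrustedHost(host)) {
    warnings.push(`lookalike host: ${host} is not ${TRUSTED_SITE}`);
  }
  // 3. A login page served over plain HTTP is not the real site.
  if (url.protocol !== 'https:' && /login|signin/i.test(url.pathname)) {
    warnings.push('login page served without HTTPS');
  }
  // 4. A query parameter that carries another URL (redirect bounce) to an
  //    untrusted host, like the "Google page that redirects" in the post.
  for (const [key, value] of url.searchParams) {
    if (/^https?:\/\//i.test(value)) {
      try {
        const target = new URL(value).hostname.toLowerCase();
        if (!isTrustedHost(target)) {
          warnings.push(`parameter "${key}" redirects to ${target}`);
        }
      } catch (e) {
        warnings.push(`parameter "${key}" carries an unparseable URL`);
      }
    }
  }
  return warnings;
}

// Constructed sample links for the example (not the post's real URLs).
const SAMPLE_LINKS = [
  { text: 'www.facebook.com', href: 'https://www.facebook.com/' },
  { text: 'www.facebook.com', href: 'http://facebook-login.example.net/login.php' },
  { text: 'see the photos', href: 'https://www.google.com/url?q=http://facebook.secure-check.example/login' },
];

// Run every sample link through checkLink and return the results.
function report(links = SAMPLE_LINKS) {
  return links.map(({ text, href }) => ({ text, href, warnings: checkLink(text, href) }));
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const r of report()) {
    console.log(r.href, '->', r.warnings.length ? r.warnings.join('; ') : 'no warnings');
  }
}
```

Of the three constructed links, the first produces no warnings, the second trips the text/host mismatch, lookalike host and plain-HTTP checks, and the third is caught only by the redirect-parameter check, which is exactly why the post's advice is to type the site name yourself rather than trusting what a link shows.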

Remember, the bad guys know that Facebook users are generally easy to trick, and they will stop at nothing to get hold of your account. Your account is actually valuable to criminals, so they want it. If you use your Facebook password on other websites as well, then when your Facebook account is compromised your other account(s) will probably be compromised too. If your email account is compromised it may cost your friends a lot of money as well. It is very common for an attacker to steal an email account and then email the victim’s “friends” claiming to be in dire circumstances and in need of some monetary help. It happens all the time.

So, remember, there are lies, damned lies, and Facebook comments. Keep alert, stay safe, never log into Facebook or other sites from a link you clicked on, whether it is in a friend’s comment or a “Facebook” email you received.

Randy Abrams
Independent Security Analyst

