Facebook users hit by password-stealing attack: here's how to stay safe!

For starters, there are 350 million+ users to go after. On top of that, many are less computer-savvy users (like your parents and mine, teenagers, etc.) who may not be familiar with malware and how to protect themselves. Add in the fact that Facebook makes a great, centralized location to steal all kinds of information about you -- and a jumping-off point to steal from your contacts -- and it's easy to see why malware crews would target the site.
Take the jump for more on this particular attack, and how to avoid trouble (be sure to share with your non-techy friends)!
The message reads as follows:
Dear user of facebook ,
Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document.
Thanks,
Your Facebook.
Here are a few clues that this message is (and others like it are) fake:
- It has an attachment: big, reputable sites like Facebook never send out emails with attachments -- especially not on password or account alerts.
- It's addressed to "user of facebook": Facebook knows your real name, and they use it when they email you.
- The tone is too casual: an actual "safety alert" from Facebook would be written in a much stronger tone.
- It's too short: warnings from popular sites tend to be wordy. Bad guys, on the other hand, are usually lazy and won't bother to write a lengthy message.
- "facebook" isn't capitalized: that's a stylistic gaffe you'd never see on an official Facebook message.
- Facebook doesn't email new passwords: when you do a reset, for example, they'll send a random code to your inbox and a link to a form where you can create a new password.
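The mechanically checkable clues from the list above, written as a small triage function (an added example, not part of the original article and not any Facebook tooling). The sample headers, the attachment name, the recipient name and the `min_words` threshold are constructed assumptions; the tone clue is left out because it needs human judgment.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

def build_sample() -> str:
    """Constructed copy of the message quoted above; headers and file name are invented."""
    msg = EmailMessage()
    msg["From"] = "Facebook <sender@example.invalid>"
    msg["To"] = "reader@example.invalid"
    msg["Subject"] = "constructed subject"
    msg.set_content(
        "Dear user of facebook ,\n"
        "Because of the measures taken to provide safety to our clients, "
        "your password has been changed. You can find your new password in "
        "attached document.\n"
        "Thanks,\nYour Facebook.\n"
    )
    msg.add_attachment(b"placeholder, not a real archive", maintype="application",
                       subtype="zip", filename="placeholder.zip")
    return msg.as_string()

def phishing_clues(raw: str, real_name: str, min_words: int = 60) -> list[str]:
    """Return the clues from the list above that a raw RFC 5322 message trips."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    lines = [ln for ln in body.splitlines() if ln.strip()]
    greeting = lines[0] if lines else ""
    clues = []
    if next(msg.iter_attachments(), None) is not None:
        clues.append("has-attachment")
    if real_name.lower() not in greeting.lower():
        clues.append("generic-greeting")
    if re.search(r"\bfacebook\b", body):  # case-sensitive on purpose
        clues.append("brand-not-capitalized")
    if len(body.split()) < min_words:  # threshold is an assumption, tune per sender
        clues.append("short-body")
    if re.search(r"new password\b.*\battach", body, re.I | re.S):
        clues.append("password-in-attachment")
    return clues

if __name__ == "__main__":
    for clue in phishing_clues(build_sample(), real_name="Alex Reader"):
        print("clue:", clue)
```

No single clue is conclusive on its own; the value is in how many of them the same message trips at once.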
Another helpful download for less experienced users is a link scanner like WOT or AVG's LinkScanner -- both are part of our list of 10+ tools for safe web browsing.

Comments
Karthik.K, Mar 18th 2010 8:47AM
Thanks for the info!
_
Regards,
Karthik.K
dell_prman, Mar 18th 2010 8:58AM
Like the plagues of old........
I'm ambivalent about Facebook. Started an account and now largely ignore it. I grew very tired of farmers, mafia members, gold fish bowls. It proved a colossal waste of time.
dustyme2, Mar 18th 2010 10:01AM
I've had a Facebook account for almost 2 years, and almost deleted it because most of my friends just wanted to play the stupid games & join every corporate-sponsored fan-page & group out there. Hey fine, but quit trying to recruit me! It's a social-networking site--I'm actually here to be social.
This latest phishing scam is no surprise to me (I tend to be a bit paranoid about most apps & groups, since I actually read the EULAs). Sadly, most of my friends would rather spend time whining about how they got taken than learning about personal security.
Teddy, Mar 18th 2010 12:04PM
In the words of Leo Laporte:
Don’t open email attachments; even if it’s from someone you know. If you do get something from someone you know, make sure that they really sent it to you. Email attachments are the number one way viruses and trojan horses get into your email. You might also want to turn off HTML email in Outlook and other programs. HTML emails are just as dangerous as rogue web sites, and can spread infections just by previewing them.
BillRM, Mar 18th 2010 8:51PM
Download the free version of a program by the name of Sandboxie and run your browser in it.
Anything a malware program installed will be wiped out as soon as you shut down the sandbox, as it never gets to install on your machine, only in the sandbox.
Lee Mathews, Mar 18th 2010 8:57PM
Bill-
While I, too, think Sandboxie is an excellent program, it won't necessarily protect people against this kind of attack.
No, the zip file won't be there after you quit browsing, but it could very well accomplish enough to swipe your Facebook data -- especially if you're already logged in to Facebook in your sandboxed browsing session.