Hackers phish for Facebook bait
Members duped into revealing passwords at bogus Facebook login webpage
Facebook has been the target of a massive phishing scam that tricked users into revealing account passwords through a bogus login page of the social networking site.
The company reacted to the security threat by blocking the link that was being used to redirect members to the fake webpage and said it would expand its alliance with net security firm MarkMonitor in a bid to step up protection.
The page is believed to have captured password information, which hackers used to access Facebook profiles and impersonate users of legitimate accounts to lure other users into the trap.
While several accounts might have been compromised, the company is working on reversing any changes made.
“We've been removing these links from Walls and Inboxes across the site and resetting passwords for any of the compromised accounts we detect. This foils the bad guys, because the login information they collect will no longer work,” a Facebook blog posting reassured.
The company is also monitoring any unusual activity to detect other threats before they become widespread.
“For instance, when someone posts to their friends' Walls at a higher rate than usual, we flag the account as potentially compromised. If we suspect that your account has been compromised, we ask for additional information to confirm your identity,” stated Ryan McGeehan, an incident response manager on the security team at Facebook.