WARNING: Facebook Scam On the Loose, Steals Passwords

Facebook is falling prey to a widespread phishing attack today that tries to steal your login and spam your friends.

I’ve got a number of messages in my Facebook inbox with links to “FBAction.net”, a site that displays a fake Facebook login. Enter your details there, and it will spam all your friends with the same message and link. More worrying: you might get locked out of your account for a time until Facebook sorts out this mess.

There is no malicious payload with the attack, it seems: no virus is downloaded or any other nasties: it’s simply a huge nuisance for Facebook users.

As always, don’t enter your Facebook password if the URL is not Facebook.com, and contact Facebook if you’re no longer able to access your account.

from CNN:

Fears of impostors increase on Facebook

Without his input, Bryan Rutberg’s Facebook status update — the way friends track each other — suddenly changed on January 21 to this frightening alert: “Bryan NEEDS HELP URGENTLY!!!”

His online friends saw the message and came to his aid. Some posted concerned messages on his public profile — “What’s happening????? What do you need?” one wrote. Another friend, Beny Rubinstein, got a direct message saying Rutberg had been robbed at gunpoint in London and needed money to get back to the United States.

So, trying to be a good friend, Rubinstein wired $1,143 to London in two installments, according to police in Bellevue, Washington.

Meanwhile, Rutberg was safe at home in Seattle.

Rubinstein told CNN he misses the money, but it’s perhaps more upsetting to feel tricked by someone who impersonated his friend on Facebook, a social-networking site where millions of friends converse freely online.

“It’s an invasion of your whole privacy, who your friends are,” he said.

Even more frightening are the depths scammers will dig to get information to use against your friends.  TechCrunch published a transcript of an instant message exchange between a user and a scammer who gleaned information about the person he was interpreting from the photos in the account.

from TechCrunch:

Latest Facebook Scam: Phishers Hit Up “Friends” for Cash

Today we received a transcript from Rakesh Agrawal, President/CEO of SnapStream, that shows how the scammer dug through his friend Matt’s profile to learn about his wife and children. Fortunately, he didn’t do quite enough digging.

7:20am Matt:
hi
whats up?

7:20am Rakesh:
Hi Matt
Everything OK?

7:21am Matt
well,im really stuck here in london
i had to visit a resort here in london and i got robbed at the hotel im staying

7:22am Rakesh
ack… that’s terrible. Sorry to hear it.

7:22am Matt
yeah,thanks
we just want some helo flying back home

7:23am Rakesh
So why are you stuck there?’

7:23am Matt
all my money to get a ticket back home got stolen

7:25am Rakesh
I didn’t understand this “we just want some helo flying back home”

7:25am Matt
help*
actually i got some money wired to me to catch a flight back home
but we still need $800 more to complete our ticket fee and fly back home

7:26am Rakesh
good
Honestly, it sounds like someone’s hacked your Facebook account and is using it to defraud your friends.

7:26am Matt
i have the money in my checking acct,i cant just access it from here
this really me
Lauren is here with me
and my kids

7:28am Rakesh
your wife’s name is on your profile page

7:28am Matt
what about my kids name?

7:28am Rakesh
in photos?
how do we know each other? when did we meet?

7:29am Matt
from school

Rakesh writes that he does not know Matt “from school”, and that he was blocked as soon as the impostor realized he was on to him.

Moral of the story?  Take steps to protect yourself and your account. Practice vigilance.  Here are some tips from the CNN article:

• Be suspicious of anyone — even friends — who ask for money over the Internet. Verify their circumstances independently, either by calling them directly, or checking with mutual friends.
• Choose a strong password and use unique credentials for each of your Web accounts. Facebook says hackers tap into one site and then try to reuse passwords on others.
• Use an up-to-date browser that features an anti-phishing blacklist.
• Use and run anti-virus software on your computer.
• Reset your Facebook password if you suspect your account has been compromised.
• Have more than one contact e-mail address. This will help if one of them is hacked.

Should Colleges Warn Users About Twitter Scam?

Last week, a “phishing” scam struck Twitter, a micro-blogging service. It was a new problem for the latest species of social-networking site. And like most new problems involving such services, it challenged college administrators to determine how to address an issue that might affect students and professors.

As social networking has proliferated, especially at colleges, so have social-networking scams. Last month, it was a team of interlopers squatting in “Class of 2013” groups on Facebook for marketing purposes. This time, it was an Internet con artist baiting Twitter users into handing over their private log-in information.

West Virginia University’s Office of Information Technology was one college that cautioned its users about the Twitter scam, posting a brief warning on its own Twitter feed. Sarah Barnes, a Web developer for the university who posted the warning, said the volume of online scams makes it increasingly necessary for administrators to teach students how to avoid becoming victims.

Mark Greenfield, director of Web services at the State University of New York at Buffalo, argues that advising students on how to avoid Web scams should be part of a college’s duties in loco parentis. He said that administrators need to be “proactive, not reactive” about teaching students how to avoid online traps. “It’s part of computer literacy now,” he said.

In order to position themselves to authoritatively educate students about how to protect themselves online, Greenfield said administrators must not lag behind students in their familiarity with social networking risks and trends. —Steve Kolowich

New phone phishing scam circulating

WVU faculty, staff, students and others are receiving fraudulent phone calls claiming to originate from the WVU Employees Federal Credit Union.

The random calls are made after hours to personal cell and land-line phones, including unlisted phone numbers. An automated voice informs call recipients that their debit card or account “has been suspended” and directs them to call a number.  Do not call the number. The credit union never contacts its members through obscure voice mails.

For more information, go to http://www.wvucu.com/securityInfo.html or contact the WVU OIT Help Desk at 293-4444 or http://oit.wvu.edu/helpdesk/.

The other phishing scam involved Citi cardholders.  State of WV Purchasing cards happen to be Citi cards, so the WVU PCard Administration sent out the following note:

Please advise your cardholders if they receive a phone call from vendors or Citibank, do not respond.  Should the bank put a block on a card, our office will be notified by State Office and we will notify the DCC who can then verify with the cardholder whether to call the fraud department at Citi.

There has been a lot of fraud lately and calls to cardholders.

Never give out personal information or card information.

If you have any questions, please do not hesitate to contact our office.

Thanks!

‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑
PCard Administrative Services

THEN this afternoon we got hit with another one.  This one actually downloads a virus to your PC.  [BTW It's a .exe virus, so it only effects Windows.]  Here is what we posted about that:

WARNING: Greeting Card Email

(August 14, 2008) A new email is showing up this afternoon in WVU GroupWise email accounts telling users they have received a greeting card.  Do not open this email. The link within the message actually downloads a virus to the user’s PC.

The OIT Help Desk has been informed of this problem and is advising users to simply delete the email if they see a message with a subject line of ” You’ve received a greeting ecard.”

If you have any questions or concerns, please contact the OIT Help Desk at 304-293-4444 or email oithelp@mail.wvu.edu.

Greeting Card Email – How to Identify that it is spam

So today was pretty eventful. Please remember to be selective about what links you actually click on from emails you receive.  Generally it is preferable to visit the website directly rather than use an emailed link.

So…Be vigilant!  Here are some links we have you might want to take note of:

• OIT News and Announcements – This is our main conduit of information from OIT.  You can subscribe to the RSS feed and be notified immediately when we post something new.  Keep in mind though that the email version of our RSS is a daily digest, so the posts are only delivered once per day.
• Technology Resouces: Spam and Phishing
• Technology Resources: Computer Security Updates & Information
• WVU Information Security Office