Facebook email offer is blighted by scammers

INSECURITY OUTFIT M86 Security has warned about a risk facing Facebook users that pretends to be an invitation to the social notworking firm's email and messaging product but is actually a phishing scam.

The attack was spotted by M86 Security researcher and apparent Hip Hop emcee Satnam Narang, who explained that users should always be on the lookout for such attacks.

Logging into the Facebook social notworking website appears to require some sort of cyber beekeeping suit, as users are expected to bat away threats, potential bugs and privacy scares like the honey-man does his guests.

This latest attack seems designed to exploit the gullible and apes typical pages and permissions to harvest user logins and passwords, making it much more of a taker than a giver when it comes to rewards.

This Facebook attack is rather more sophisticated than others of its kind, the researcher explained, and takes a layered approach that at first takes privacy details and then leads users to compromised pages.

"There are multiple layers being utilised in this phishing campaign. At first glance, the URL hidden behind the bit.ly link is using a redirect via the Yahoo! Mobile Login page," he wrote.

"The second layer is that the redirect sends the user to o-home.nl, which looks to have been compromised. It is possible that the website is running an unpatched version of WordPress, as the link above shows the payload residing under a 'wp' folder, which is a WordPress specific folder."

The final layer is the one that takes Facebookers to the last destination, a compromised website that might take a number of forms.

Narang said that users should always be careful when using Facebook and should encourage their friends and contacts to do the same. µ