Fraudsters phish for Facebook user details

facebook-homepage

Facebook users are being targeted by a new wave of phishing attacks.

According to the security firm, Symantec, the attacks use a person's Facebook account to send an email containing a malicious link to that person's friends. The link directs users to a site that looks identical to the Facebook login page.

The victim is prompted to provide their login information, which the fraudsters use to hijack their account and spread the link.

However, Symantec warned that the fraudsters are probably after more than people’s Facebook details. In the Symantec Security Response blog, Marian Merritt writes that the company “believe the focus on Facebook isn’t simply to dupe a handful of people in a drawn-out financial scam.

“Some suspect it is part of a larger effort to target those who are highly-connected adopters of online environments and likely to be users of many related online services. Get one password for the right person and it’s like having their wallet handed over," she says.

The company said it was working to remove messages with the malicious links and help secure compromised accounts. But it said Facebook users must also observe best practice, for example, by not having the same password for multiple accounts and maintaining a high level of caution.

More advice is given on the blog.