On Facebook. As phishing goes, this one so far seems to have been pretty lame. As far as I know, the phisher(s) only learned my Facebook password–which I have since changed. Then a message was sent out to all the people on my “friends list” (all 36 of them). The message purported to be from me and the subject said “This changed my life!” It then said, “I lost 23 pounds this way and you can too!”…and then provided a link for them to click on to investigate this astounding phenomenon.
How did this happen? I know exactly how. Because I got a message from someone else first.
Today is Saturday, and last Tuesday, I got an email from Facebook saying that my friend Debbie had posted a message on my “Wall”. (Silly Facebook language.) The message said, “You will love this!!!” Followed by a link. At the time, I was checking my personal email from work. I clicked on the link, and a box came up telling me I had to first log on to Facebook…not uncommon…but I decided I didn’t have time for all that, so I exited, deciding I would wait until I got home to check it out.
In hindsight. At the bottom of every message from Facebook it says something on the order of, “To see this message or to follow the thread, click here.” Then it will ask you to log on to Facebook if you aren’t already. It should not have asked me to log on to Facebook when I clicked on the link WITHIN the message…but that totally escaped me at the time.
When I got home, I logged onto Facebook and indeed, there was the message posted on my “Wall” from Debbie. I clicked on the link in the message, and once again the box popped up telling me I needed to log on to Facebook. I briefly thought, Isn’t this odd? Why is it asking me to log on? I’m already logged on. This should have been the Big Red Flag moment. And in hindsight, it was. But I did it–and it took me to a website which had something to do with how to get Internet access on your cellphone. I thought, isn’t this odd! Why would Debbie be interested in my cellphone?
But the Phisher had captured my Facebook password, and so far, it seems, nothing else. When I got to the (probably phony) website, nothing happened. It didn’t ask me for any personal information, which is the point of phishing. This leads me to believe that what we have here is a baby Phisher, one who is just testing his little scaly wings. It seems you can buy kits to help you replicate legitimate websites. I guess this is the Internet Age version of getting a chemistry set for Christmas.
When you think about it, social networking websites are the perfect Phishing ponds. Facebook is apparently the most successful social networking site ever: they claim to have 250 million users, and I’m inclined to believe them.
The message sent from “me” went out yesterday, and I was in a panic for about 12 hours, which caused me to change all sorts of passwords. In the end, I guess that wasn’t such a bad thing. And since there is humor in almost everything, here’s what was funny about this: if you were going to send out a message from “me”, you should make the topic be like…wildlife preservation or something. But weight loss?
My friend Chris, who was the first and only person to alert me to the phony messages being sent out in my name, said, “This has to be fake, because no offense, but I don’t think you have 23 pounds to give!”