A message circulating on Facebook warns users to watch out for notifications that say a friend has commented on their status, because links in the notifications lead to a fake Facebook page that will steal login details.
There are no credible reports about a current phishing attack with the characteristics described in this “warning” message. Facebook’s built-in notification system can no longer be exploited by phishing scammers in the way suggested in the warning. Thus, the message has no real merit as a warning. However, Facebook users should certainly be aware that scammers have often used bogus Facebook emails as a way of enticing people to hand over their login details on fraudulent websites designed to look like real Facebook pages.
THERE IS A NEW WAY TO HACK YOUR FACE BOOK. A NOTIFICATION WILL BE SENT TO AND SAY THAT ONE OF YOUR FRIENDS HAS COMMENTED ON YOUR STATUS, IT WILL OPEN A NEW PAGE & TELL YOU TO RE-ENTER YOUR FACE BOOK USER NAME & PASSWORD. CAUTION!! THIS PAGE LOOKS JUST LIKE YOUR FACE BOOK LOGIN PAGE, SO BE ON THE LOOKOUT!! PLEASE RE-POST THIS!! BE AWARE FRIENDS 🙂
This urgent-sounding, ALL CAPS “hacker alert” has been circulating continually around Facebook since at least January 2011.
The message warns users of a “new way” to hack Facebook accounts. According to the message, you should watch out for Facebook notifications that inform you that a friend has commented on your status because clicking the link in the notification will open a fake Facebook page designed to steal your login details.
The message exhorts users to pass on the information to make others aware of the supposed new threat.
However, the message is too vague and misleading to have any real merit as a warning. Firstly, by its use of the word “notification”, the warning implies that the malicious messages are being sent via Facebook’s own onsite notification system. However, while at one point rogue Facebook applications could make malicious use of the Facebook notification system, this ability has long since been restricted. Thus, it is not possible for scammers to use Facebook’s notification system for phishing attacks like the one described in the “warning”.
Secondly, although the warning has now been circulating continually for several months, there are no credible security alerts about a phishing attack with the characteristics of the one described in the message. While the warning has popped up over and over again all across Facebook for months, no believable reports about actual instances of the supposed attack have surfaced.
Thus, sending on such outdated and inaccurate warnings will not help Facebook users stay secure. In fact, such pointless warnings do nothing more than clutter Facebook newsfeeds with even more useless information.
That said, users should certainly be aware that scammers have repeatedly used phishing attacks designed to steal their Facebook login details and such attacks are likely to continue. Often, such attacks are conducted via phishing scam emails. The emails, which are designed to closely resemble genuine Facebook messages, try to entice recipients to follow a link. Those who do follow the links will be taken to a bogus website designed to look like the genuine Facebook login page. If a user proceeds to log in on the bogus site, scammers can then collect his or her login credentials and hijack his or her real Facebook account.
As a security precaution, Facebook users should be cautious of following links in emails even if they appear to be genuine Facebook messages. And, when logging on to Facebook, users should check the web address to make sure they are on the real Facebook site and not a fake, lookalike phishing site.
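What "checking the web address" means in practice, shown as an added example that is not part of the original article: the function below judges a link by its parsed host rather than by whether the text "facebook.com" appears somewhere in it. The function name, the trusted-domain constant and all sample URLs are constructed for illustration.

```javascript
// Added example, not from the original article. Sample URLs are constructed.
const TRUSTED_DOMAIN = "facebook.com";

function checkLoginUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl); // WHATWG URL parsing, the standard browsers follow
  } catch {
    return { trusted: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { trusted: false, reason: "not HTTPS" };
  }
  // Anything before '@' is userinfo, not the site being visited.
  if (url.username !== "" || url.password !== "") {
    return { trusted: false, reason: "userinfo before host" };
  }
  // The parser lowercases the host and converts non-ASCII labels to punycode.
  const host = url.hostname.replace(/\.$/, ""); // ignore a trailing root dot
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { trusted: false, reason: "punycode (possible homograph) host" };
  }
  // Exact match or a true subdomain. The leading dot matters: without it,
  // any host that merely ends in the string "facebook.com" would pass.
  if (host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN)) {
    return { trusted: true, reason: "host " + host };
  }
  return { trusted: false, reason: "host " + host };
}

// Constructed samples: one genuine-style address and common lookalike shapes.
const samples = [
  "https://www.facebook.com/login",
  "http://www.facebook.com/login",
  "https://facebook.com.account-check.example/login",
  "https://facebook.com@account-check.example/login",
  "https://f\u0430cebook.com/login", // Cyrillic 'a' in place of Latin 'a'
];
for (const s of samples) {
  const r = checkLoginUrl(s);
  console.log((r.trusted ? "OK      " : "SUSPECT ") + s + "  (" + r.reason + ")");
}
```

Only the first sample is accepted; each of the others contains the string "facebook.com" yet resolves to a different host or an unencrypted connection.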
But, again, while Facebook phishing attacks are certainly real, sending on misleadingly inaccurate, hopelessly outdated and overly “urgent” warnings about them will do no good whatsoever. To have any merit as a security warning, a message needs to contain accurate, detailed, verifiable and up-to-date information. Otherwise, it is likely to do more harm than good.