The messages look something like this:
Usually, however, the clickable links at the bottom of messages on your Wall – highlighted in pink below – should look like this:
With all the unexpected Sharing going on, this message has spread like wild-fire. Instead of preventing spam, this particular campaign has been generating it at astonishing rates.
The good news is that Facebook seems to have taken some action to prevent the “Share” button being replaced in these messages. Since a few minutes ago, malicious messages appear with no links at all, like this:
The lessons to be learned from this outbreak of spam are as follows:
* Assume that messages which ask you to verify your account by clicking on a link are false. You wouldn’t (I hope) click on links in emails which claimed to come from your bank trying to panic you about your account. That would be a classic phishing scam using a false site to steal your username and password. So don’t trust that sort of link on Facebook, either.
* When you take some action on Facebook which doesn’t deliver what was promised – for example, if you end up Sharing or Liking something you didn’t intend to, or if you click through to an offer or competition which suddenly morphs into something completely different (a bait-and-switch) – assume you have been tricked. Review the side-effects of your actions. Remove any applications you may trustingly have accepted; unlike things you didn’t mean to like; and delete posts you didn’t intend to make.
* Be wary of unexpected changes to Facebook’s interface for Liking, Commenting, Sharing and so forth. Unfortunately, the nature of social networking sites is that they like to undergo rapid change. Cybercrooks exploit this by assuming that you accept ongoing changes as “part of how things work”. Don’t do so. If you see something different, check with an official source to see if it’s expected or not.
If sufficiently many Facebook users dig their heels in every time Facebook makes a gratuitous or confusing change in its interface, its privacy settings or its feature set, then it’s possible that Facebook will learn to adapt in ways which best suit the privacy and safety of its users, instead of adapting to improve its traffic and benefit its paying customers.
(Remember that as a Facebook user, you aren’t a customer. You’re effectively an informal employee, paid not in cash but in kind. Your “wage” is free access to the Facebook system. Your clicks generate the value for which Facebook can charge its customers – the advertisers who benefit from the fact that you use the network at all. Don’t sell yourself short.)
Source: http://nakedsecurity.sophos.com
Cybercriminals are adopting a new disguise, following last week’s “Facebook password changed” malware attack.
A typical message reads:
Spam is sent from your FaceBook account.
Your password has been changed for safety.
Information regarding your account and a new password is attached to the letter.
Read this information thoroughly and change the password to complicated one.
Please do not reply to this email, it's automatic mail notification!
The attack would, perhaps, be a little more successful at fooling more people if it had gone through a grammar check and if the perpetrators had paid more attention to the fact that it’s spelt “Facebook” not “FaceBook”.
Nevertheless, there are doubtless some computer users who might be tempted to open the attached ZIP file and infect their computers with malware.
We’ve seen similar attacks before, of course – and I imagine that cybercriminals will continue to use ruses like this when spreading their malware. Plenty of people are hooked on Facebook, and a message telling them that their password has been reset is likely to send them into palpitations and they may open the unsolicited attachment without thinking.
After all, it’s not as though spam being sent from Facebook accounts is unusual.
If only more people realised that they cannot trust the “from:” address in an email, as it is so easily forged. In this case it presents itself as being from "Facebook Help", but in reality it could just as easily be a Hungarian hacker, a Finnish fraudster or a Serbian scammer who initiated the widespread spam attack.
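A mail-triage check for the pattern described above, as an added example that is not from the original article: it compares the display name with the sending domain, reads the receiving server's Authentication-Results header, and flags ZIP attachments. The sample message, the `example.net`/`example.org` hosts, the attachment name and the `BRAND_DOMAINS` allowlist are constructed assumptions.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample (not a real capture); hosts and file name are placeholders.
SAMPLE = """\
Authentication-Results: mx.example.org; spf=fail; dkim=none
From: "Facebook Help" <help@mailer.example.net>
Subject: Spam is sent from your FaceBook account
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your password has been changed for safety.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="new_password.zip"
Content-Transfer-Encoding: base64

UEsDBA==
--b1--
"""

# Assumption: the sender domains you accept for mail that claims this brand.
BRAND_DOMAINS = {"facebook.com", "facebookmail.com"}

def triage(raw):
    """Return a list of reasons to distrust a message that claims to be from Facebook."""
    msg = email.message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"]))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    # The display name is free text chosen by the sender; compare it with the address domain.
    trusted = any(domain == d or domain.endswith("." + d) for d in BRAND_DOMAINS)
    if "facebook" in display.lower() and not trusted:
        findings.append("display-name/domain mismatch")
    # Only trust an Authentication-Results header stamped by your own receiving server.
    results = str(msg.get("Authentication-Results", "")).lower()
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results))
    if auth.get("spf") != "pass" and auth.get("dkim") != "pass":
        findings.append("no passing SPF or DKIM")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        # ZIP archives start with the bytes "PK", whatever the file is called.
        if data[:2] == b"PK" or name.lower().endswith(".zip"):
            findings.append("zip attachment: " + name)
    return findings
```
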
Sophos products intercept the attack as Mal/BredoZp-B.
If you are one of those many people who can’t get enough of Facebook in their lives, you can stay informed about the latest scams by joining the Sophos Facebook page, where more than 70,000 people regularly share information on threats and discuss the latest security news.
Yesterday, the accounts of around 150000 Gmail users were disabled by the Google system. They lost all their emails, attachments and chat logs. Google explained that approximately 0.08% of its users were affected by this bug. The bug reset all these accounts and even sent them the Google start-up mail that any new user of Gmail receives.
Google reported on its dashboard that its engineers are working to get the problem fixed and restore full access. When the Google spokesman was contacted, the message was clear: all the mails and accounts would be restored. Many users, though, are still apprehensive about whether all their messages will be restored.
Meanwhile, others are advised to take precautions and store a backup of all their emails. There is a free application for Mac, PC and Linux called Gmail Backup, which is quick and easy to use. After downloading this software, Google asks for your account details and begins backing up your emails securely. Users have suggested various other sites for backing up their emails, as many found that this software is not supported on Mac. Some of the popular ones are backupify.com and eternos.com.