The president is finally taking charge!!
Is this really for real?.
The image used in the message looks like a YouTube video thumbnail, but if you click on the link you are redirected, via a cross-scripting vulnerability on an MIT webpage and then Reddit, to a phoney Facebook login page.
It may look like Facebook, but it’s not the real Facebook. It’s designed to phish your username and password from you.
Incidentally, the page is hosted on an almost identically-named domain to one we’ve previously seen used in a Facebook phishing campaign.
Facebook usernames and passwords are an increasingly valuable commodity for cybercriminals – once they have those, they’ll be able to log into your account, post messages in your name, spread spam and malware and perhaps raid your profile for personal information that they might be able to use for identity theft.
Worst of all, perhaps, they can pose as you and cause tremendous problems for your friends and family.
So, if you think you might have fallen for a scam like this, change your Facebook password immediately and scan your computer with an up-to-date anti-virus product.
Source :- http://nakedsecurity.sophos.com
- The President is finally taking charge? No, a Facebook phishing attack (nakedsecurity.sophos.com)
- Facebook phishing: Can you spot the difference? (blogoholic.in)
- PREVENTING SPAM scam on Facebook does exactly the opposite (pratyushkp.wordpress.com)
- If Phishing Goes Mobile… (paulsparrows.wordpress.com)
- Anti-Phishing Day (eset.com)
- Avoiding Facebook phishing (commtouch.com)