Facebook users hacked with direct messages

Facebook users have reported receiving direct messages which includes a link to a suspicious website.

In what could be the first major Facebook security story of the year, users have reported receiving a message that encourages them to visit the ‘binsservicestore.info' website after a friend's recommendation.

According to DomainQuery, the website was created on September 15, last updated on December 29, and is due to expire on September 15 this year. The sponsoring registrar is GoDaddy.com Inc and the administrator and registrant data provide contact details in India.

Rik Ferguson, senior security advisor at Trend Micro, said that binsservicesstore.info lands on a 'work from home scam page' that uses geo-ip to look like a local (to the user) online newspaper.

Andy Thomas, commercial director of UK firm Garlik, warned at the end of December about a scam on Facebook where a user is offered a free iTunes voucher. The scam, which came via an invitation and involves sending the group administrator a message with the user's name and email address, had around 464,000 responses.

Thomas said: “Some simple maths and logic says this is going to cost someone over £12 million. That is Hooveresque in promotional scale and we all remember what happened to them, the truth is this is a well timed scam that plays on people's trust of the iTunes brand and love of a bargain (it's called social engineering).

“The only gift members will get is a nasty surprise in an email (probably the one containing your iTunes ‘gift') or a permanent place on a phishing attack list sold, much like direct marketeers buy email or physical addresses. If you or a friend joined this list make sure they know what to expect over the next few days, weeks, months.”

See original article on scmagazineuk.com