Affected users receive a notification that someone has commented on one of their posts, but clicking on the hyperlink in the notification leads to a malicious site hosted on the fucabook.com domain, according to Trend Micro senior security advisor Rik Ferguson.
The malicious site then pulls up the real Facebook log-in page to prompt users to enter their details again.
The notifications appear to come from a dubious sounding app called 'sex sex sex and more sex!!!' which has over 287,000 users signed up already, said Ferguson. He warned users to always check the URL of a site in the browser bar before entering sensitive information.
"Also check the true destination of a link before clicking it by hovering your mouse pointer over it. If it looks suspicious, don't click it," he wrote in a blog post. "Also, if you're a Facebook user, now would be a good time to review your privacy settings and clear out any applications you no longer use."
Rogue Facebook app harvests user credentials
By
Phil Muncaster
on Aug 18, 2009 10:22AM
Facebook users who allow third-party applications onto their desktop have been warned that a rogue Facebook app is luring users to a site set up to harvest their credentials.
Got a news tip for our journalists? Share it with us anonymously here.
Partner Content
Promoted Content
Albemarle cuts e-waste, capex spend "substantially" by hiring rather than buying
Modular computing is helping businesses think bigger without having to go bigger
Promoted Content
How UniSuper used BiZZdesign to accelerate its digital transformation
Promoted Content
Five ways Russian cybercrime tactics have changed
Sponsored Whitepapers
Understanding the next security control points: applications and workloads
Best security practices after rapid Digital Transformation
The CISO View 2021 Survey: Zero Trust and Privileged Access
How and why to backup your Office 365 tenant
ForgeRock for Australia’s Trusted Digital Identity Framework (TDIF)
