Just when you thought it was safe to fish again in the Facebook waters, up pops a new phishing scam (the third of its kind) to hit the network. Team-Zuckerberg has had their hands full trying to address one privacy issue after another. New malware attacks like this only exacerbate the problem and continue to chip away at the core of Facebook's credibility.
For the third weekend in a row, users on Facebook are presented with status update messages on their walls with links to "Distracting Beach Babes," "Sexiest Video Ever" and now this latest attack, titled the "Most Hilarious Video Ever," as shown here...
While this attack is slightly different from the others, once you click on the link to view the video you are taken to a fake Facebook login page where you are tempted to enter your login credentials. Don't, because if and when you do, you are basically giving the hackers exactly what they want: access to your data.
Facebook Sign-Up Screen for Malware
However, according to a Websense report, regardless of what you enter as your login, you are then taken to a page on the real Facebook site that asks you to allow the application to access your profile. If you allow that, you're taken to a page saying that you need to upload an FLV Player to view the video. Up until this point it's similar to how the two previous attacks have worked, except that this new one also has a phishing component.
If you are coming from a US IP address you are prompted to download the FLV Player, which is detected by 35% of anti-virus engines, as can be seen in the screen shot:
As viewed in the 3-minute video, there is a different download screen for the UK versus the US.
For those who are just tired of all these phishing and malware disruptions on Facebook, there are security systems that can filter both spam and malicious content. Defensio, security software for your Facebook account, is available as a free download for this purpose.
Amazing that, with privacy as the number one topic du jour, Facebook's userbase has to resort to special software just to ward off malicious content on a social network. Perhaps, Mr. Zuckerberg, you should spend more time cleaning up your site before forcing your privacy standards on the world. There's an old saying about "keeping your house in order" before inviting company. I think you'd be wise to take that advice.
For other related phishing scams on Facebook, see "Facebook's Gone Phishing Today With PayPal, eBay &