I got Facebook phished

Today I received a Facebook notification that a friend of mine sent me a message. She was asking if that was my picture and a link. I quickly sanity checked the link as I always do in emails, and yes, the link was indeed a valid Facebook internal link, so I thought of nothing bad. The site turning up at first looked a bit suspicious, but a split second later it was all Facebook. The stylesheet probably took a while to load; after all, it’s Sunday evening and everybody’s surfing Facebook now. It was asking me for login, I haven’t logged into Facebook for a long time as I’m not really using it, so there you go. But the following page didn’t bring me to the picture that my friend was asking about, but to some totally different site. Weird, I thought. So I checked into facebook.com again, and indeed the message was in my inbox (the first time around I opened the link from my email program). And clicking on the link makes it ask for a password again… That’s wrong. At this point I realized I got phished, even from a Facebook.com URL… probably one of the stupid apps or such. And my friend’s account probably already got hacked, otherwise it couldn’t have been used for phishing mine. FORTUNATELY, I entered the wrong password, hahaha. I have a couple of different passwords for all sorts of things, and what I entered wasn’t my real Facebook password (but of course, the phishing login didn’t realize).

This was the tipping point for me. I know that Facebook has turned into a large scambag for spammers and phishers lately, and their privacy policy is downright dangerous. Since I haven’t used Facebook for anything important anyway, it was an easy decision to deactivate it. (What is also scary: if the phishers actually got my real password, only deactivating the account wouldn’t help… they can easily log in using the credentials and reactivate it.) So long Facebook, I won’t miss you!

About Roman Kennke
JVM Hacker, Principal Software Engineer at Red Hat's OpenJDK team, Shenandoah GC project lead, Java Champion

3 Responses to I got Facebook phished

  1. Matěj Cepl says:

    https://ssl.facebook.com/help/contact.php?show_form=delete_account is the right URL you need. Change your FB password to one from http://grc.com/passwords so you cannot relogin if you are tempted and go for it! I have just removed my own account and life is much better now!

  2. Pingback: GNU/Andrew’s Blog » Leaving FaceBook
