I got Facebook phished
April 25, 2010 3 Comments
Today I received a Facebook notification that a friend of mine sent me a message. She was asking if that was my picture and a link. I quickly sanity checked the link as I always do in emails, and yes, the link was indeed a valid Facebook internal link, so I thought of nothing bad. The site turning up at first looked a bit suspicious, but a splitsecond later it was all Facebook. The stylesheet probably took a while to load, after all it’s Sunday evening and everybody’s surfing facebook now. It was asking me for login, I haven’t logged into Facebook for a long time as I’m not really using it, so there you go. But the following page didn’t bring me to the picture that my friend was asking about, but to some totally different site. Weird I thought. So I checked into facebook.com again, and indeed the message was in my inbox (the first time around I opened the link from my email program). And clicking on the link makes it again asking for a password… That’s wrong. At this point I realized I got phished, even from a Facebook.com URL… probably one of the stupid apps or such. And my friend’s account probably already got hacked, otherwise it couldn’t have been used for phishing mine. FORTUNATELY, I entered the wrong password, hahaha. I have a couple of different passwords for all sorts of things, and what I entered wasn’t my real Facebook password (but of course, the phising login didn’t realize).