Oct 26, 2010 12:56 GMT

Security researchers from Kaspersky have uncovered a Facebook phishing attack abusing the chat feature and stealing accounts at a rate of fifteen per minute.

The worm-like attack advertised the phishing URL through Facebook chat messages, which gave it a higher success rate than the wall-spam method users have become accustomed to.

The message spammed from compromised accounts read "Is this you?" and was followed by a link to a rogue Facebook application page.

This page displayed a fake Facebook login form inside an iframe and instructed users to log in in order to view the promised video content.

When checking the directory structure of the external server hosting the rogue form, security researchers found an access log.

This log pointed them to a repeatedly queried file called acc.txt, which contained the stolen Facebook credentials.

"I downloaded acc.txt and saw that the file contained stolen accounts: in the first version of acc.txt which I downloaded I saw that the attacker had collected over 3000 accounts!" "I downloaded the acc.txt at 5-minute intervals, and within 20 minutes, the number of stolen accounts went from 3000 to over 6000," says David Jacoby, the Kaspersky Lab expert who investigated the case.

The compromised credentials were likely used via automated scripts to send more Facebook chat spam and expand the attack's reach.

The incident shows just how successful unsophisticated but well-designed phishing scams can be in a social networking environment.

Facebook's Security team was alerted and quickly suspended the malicious page. Thanks to the researcher's find, it was also able to reset the passwords on the compromised accounts.

However, this doesn't always happen. Next time, by the time Facebook intervenes, the attackers may already have thousands of credentials in their possession.

If you believe you have fallen victim to such an attack, change your password immediately. Also go to Account Settings and terminate all active sessions listed under the Account Security section.