May 15, 2009, 4:16 PM — Facebook was hit with yet another phishing attack yesterday as malicious e-mails went to some of the social networking site's 200 million users. The attack, which Facebook is actively fighting, asked members to leave Facebook and access outside sites that then stole user names and passwords.
The malicious e-mail messages were of the garden variety for scams: poor grammar, misspellings, and a request to visit an external site that included the domain name www.151.im, www.121.im or www.123.im (do yourself a favor and don't click on those links). Once there, users were asked to log in again with their Facebook user ID and password, and boom -- suddenly, your information is released and becomes a vehicle for spamming.
Like the phishing attacks on Facebook late last month and early this month, these efforts seemed only to steal user names and passwords, not infect a computer with viruses. With these log-in credentials, phishers attempt to access Web mail services, as many people use the same log-in information for multiple sites. Identity theft could spring from there.
A Facebook spokesman told the New York Times that Facebook was "blocking links to new phishing sites, cleaning up phony messages and Wall posts and resetting the passwords of affected users." The number of those affected is undetermined.
There are many ways to protect your identity on Facebook, including varying your passwords, changing privacy settings and keeping a close eye on the domain name. Also, if your college-educated friends start typing like third-graders, something's probably up.
