Spoof Facebook page identified

2009-11-20

There is always much to look out for on the internet to avoid a data breach. It seems that the social networking world is not an exception to the rule, as a spoof Facebook page designed to steal passwords from users has been identified.

PandaLabs, the malware analysis and detection laboratory at Panda Security, found the fake Facebook page, which features a URL and content similar to that found on the real service.

It is designed to deceive users to reach a page where they can enter their user name and password. Data entered in this fake web page will end up in the possession of its creators.

Luis Corrons, technical director at Panda Security, noted that the spoof page is no longer available. However, he said he was certain "the bad guys" are working on other pages similar to the fake Facebook one.

"This one is just an example of what cyber-crooks are doing. The more people who use a platform, the web, or any other means, the more likely they are to be used by bad guys," he commented.

"Once cyber-crooks have user names and passwords they have all the details and can take any action from the account including spam comments with malicious links," Mr Corrons explained.

He pointed out that his organisation found out that Facebook accounts are being stolen and sold for $100 (£60).

The news comes after superstar Britney Spears's Twitter and MySpace accounts were reportedly hacked. Messages on her profile on micro-blogging service Twitter, claiming to be from the pop star and entertainer, suggested that she worshipped the devil.

Once her management regained control of the account the messages were deleted. Another message placed up on the feed apologised for any offence the Twitter comments may have caused.

So, those seeking to avoid an IT intrusion may want to keep an eye out for problems both on social networking sites and related websites.

Read more security news.