[Phishing Alert] Facebook Scam Says Users’ Friends Have Been the Victim of Crime

There is a new spam message making the rounds on Facebook that purports to show criminals who have taken advantage of users’ friends. The spam message says that either the sender of the message or another friend has been the victim of a crime and that they need the targeted user’s help. The messages also contain links that direct the targeted user to Tumblr pages that will supposedly show pictures of the criminals. However, the links actually take users to a phishing page that looks similar to Facebook.

“The Tumblr links follow a pattern, but appear to be different for each recipient. The host name is always two or three random English words, and the URL includes a few random characters as an argument. The preview of the Tumblr page lists some random words and various simple icons,” wrote Johannes Ullrich, an analyst from the SANS Technology Institute. “Once the user clicks on the link to the Tumblr page, they are immediately redirected to a very plausible Facebook phishing page, asking the user to log in. The links I have seen so far use the ‘noxxos.pw’ domain.”
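The link pattern Ullrich describes can be turned into a triage check for proxy or message logs. The following is an added example, not code from SANS or from the original post. It assumes the host name's words are run together in one lowercase label and that the "argument" is a short query string; the sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

KNOWN_PHISH_DOMAINS = {"noxxos.pw"}           # the one domain named in the quote
EXPECTED_DOMAINS = {"tumblr.com", "facebook.com"}

def _under(host, domains):
    """True if host equals, or is a subdomain of, any domain in the set."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def lure_shape(url):
    """Tumblr blog link plus a short random-looking argument."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host.endswith(".tumblr.com"):
        return False
    label = host[: -len(".tumblr.com")]
    # Assumption: the two or three words are run together in one lowercase label.
    if not re.fullmatch(r"[a-z]{6,40}", label):
        return False
    # Assumption: the "argument" is a query string of a few alphanumerics.
    return re.fullmatch(r"(?:[a-z]{1,4}=)?[A-Za-z0-9]{3,12}", parts.query) is not None

def classify(url, redirect_chain):
    """Verdict for a clicked link and the redirect hops observed after it."""
    hosts = [urlsplit(u).hostname for u in [url, *redirect_chain]]
    if any(_under(h, KNOWN_PHISH_DOMAINS) for h in hosts):
        return "known-phishing-domain"
    if lure_shape(url):
        # A login prompt reached from a Tumblr link but hosted elsewhere.
        if not _under(hosts[-1], EXPECTED_DOMAINS):
            return "suspicious-redirect"
        return "lure-shape"
    return "ok"

# Constructed sample data (not taken from the campaign).
LURE = "http://quietriverstone.tumblr.com/?k3x9a"
SAMPLES = [
    (LURE, ["http://login.noxxos.pw/index.php"]),
    (LURE, ["http://fb-login.example.net/"]),
    (LURE, []),
    ("https://staff.tumblr.com/post/12345", []),
]

if __name__ == "__main__":
    for link, hops in SAMPLES:
        print(classify(link, hops), link, hops)
```

A `lure-shape` verdict on its own is a weak signal, since legitimate Tumblr blogs can match it; the redirect destination is what separates the phishing flow from ordinary links.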

Scams like this one are particularly tricky because they play off Facebook users’ emotional connections to their own friends and family. However, with a little common sense and a close investigation, even cleverly camouflaged scams like this one fall apart.

Here is an example of a scam message circulating:


Users whose compromised accounts are spreading these scam links should change their Facebook password and check for rogue Facebook applications and rogue browser extensions:

How to Protect Your Facebook Account from Rogue Applications

How to Protect Your Facebook Account from Rogue Browser Extensions

For more information about phishing scams on Facebook, check out this detailed guide:

Beware of Socially Engineered Phishing Attacks on Facebook