Friendster Phishing Scam



For those of you who have Friendster accounts, you might have noticed the growing number of spam messages and comments. These past few months, I’ve noticed a new breed of spam comments showing up in my inbox, on my profile and on other people’s profiles. They’re not mere spam comments but a kind of phishing scam disguised as hyperlinks, comments or embedded YouTube videos. These are totally different from the malicious Friendster JavaScript that I blogged about two years ago. If you don’t know what the term phishing means, here’s a short definition from Wikipedia:

phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

The ones I get in my inbox are usually messages from someone on my friend list who obviously got their account hacked. The usual subject would be “Wow” or “Cool” and the message would contain a sentence or two and a URL. I never click on it and delete it right away. Here’s an example:

Phishing message
Friendster Phishing Message

Phishing comment disguised as an adult chat/webcam site
Friendster Phishing Comment

Phishing comment disguised as a YouTube video.
Friendster Phishing Video

The last one, the phishing comment disguised as an embedded YouTube video, would bring you, if clicked, to login2.friendjster.com, a phishing site pretending to be Friendster’s login page. If the unsuspecting user visits the site and provides his/her email address and password, that information would be used by the phishers to gain access to these Friendster accounts. I’m not sure about this, but according to some Friendster users, some of these spam/phishing comments don’t even require the user to provide the login details of the account. All the user has to do is click on the comments and everyone on that person’s list of friends would receive the same spam/phishing comment on their profiles, sent by the unsuspecting user.
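
A rough check for this kind of lookalike address, as an added example that is not part of the original post: it pulls the links out of comment text and flags hosts whose domain is a near miss of friendster.com, the way login2.friendjster.com is. It also flags the brand name used inside another domain, which goes beyond the case in the post; the sample comments, the function names and the distance threshold of 2 are assumptions.

```python
import re
from urllib.parse import urlsplit

LEGIT_DOMAIN = "friendster.com"          # the real site named in the post
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample comments; only login2.friendjster.com comes from the post.
SAMPLE_COMMENTS = [
    'Wow! <a href="http://login2.friendjster.com/">watch this video</a>',
    "See my new photos at http://www.friendster.com/ tonight",
    "Cool clip: http://www.youtube.com/watch?v=abc",
    "Log in again: http://friendster.com.example.net/",
]

def registrable_domain(host):
    """Last two labels of the host (assumption: no multi-part TLDs like .co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_url(url, legit=LEGIT_DOMAIN, max_distance=2):
    """Return 'legit', 'lookalike' or 'other' for one URL."""
    host = urlsplit(url).hostname or ""
    domain = registrable_domain(host)
    if domain == legit:
        return "legit"
    if edit_distance(domain, legit) <= max_distance:
        return "lookalike"               # e.g. one extra letter in the name
    if legit.split(".")[0] in host:
        return "lookalike"               # brand name used inside another domain
    return "other"

def flag_links(comments):
    """URLs in the comments that imitate the legitimate domain."""
    urls = [u for text in comments for u in URL_RE.findall(text)]
    return [u for u in urls if classify_url(u) == "lookalike"]

if __name__ == "__main__":
    for url in flag_links(SAMPLE_COMMENTS):
        print("suspicious:", url)
```
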

I’m pretty sure the staff of Friendster are already aware of this but I don’t know what fixes or preventive measures they’ve taken to fight this type of phishing scam. There is a way to prevent the further spread of these phishing scam comments and it involves a little bit of common sense and some preventive measures on the user’s part. When you receive a message containing a URL or link in your Friendster messages, never click on it, even if it was sent by your friends or family members. If you want to be sure, send them a message asking if they were really the ones who sent it to you.

These phishers (the people behind these phishing scams) are smart and they send these phishing comments to people listed as friends of the compromised account because it would look less suspicious since the one who sent it was a friend. They also know that most Friendster accounts are set to automatically accept messages and comments from friends or people connected to them in the third degree. What I did on my account was to moderate comments. So every time someone tries to leave a comment on my profile, I’ll have to approve it first before it shows up on my profile. That way, if it’s a spam or phishing comment, it won’t automatically show up on my profile and no one will see it or click on it.

I’ve also deleted all these phishing comments from my profile so that people who visit my profile won’t be tricked or fall victim to this scam. I’ve seen lots of Friendster accounts that still have these phishing comments, and as long as they’re there, the chances of someone getting fooled into clicking those links would be higher. The more people who fall victim to this scam, the more it will spread. So if you have a Friendster account, go through your profile and delete all phishing comments.

Other preventive measures to keep your Friendster or any social network account safe are:
1. Use a strong password (at least 8 characters and a combination of numbers, letters and symbols).
2. Change your password often.
3. Never post your email address on your profile.

Remember folks, always practice safe computing because it’s always better to be safe than sorry!

For those of you who have Friendster accounts, have you received these types of phishing messages and comments? Did you click on them or were you tempted to click on them? I’m sure a lot of guys were tempted to click on the second one with the sexy girl on a webcam. LOL Anyways, if you know of other information regarding these Friendster phishing scams or know of other preventive measures, please share it with us.

Thanks for your time and have a nice day!

Owner and editor of JaypeeOnline. Self-proclaimed geek. New media writer and consultant. WordPress advocate. Loves blogging, gadgets, video games and sports. You can follow him on Google+, Facebook or Twitter.

12 Comments

  1. angie

    November 18, 2009 at 10:11 PM

    Hi, just want to inform you that I have been bothered recently by several guys who, according to them, want to date or marry or have a relationship with me… all of these in my Friendster account. At first, there were two whose pictures looked like Indian nationals. I didn’t mind them and just deleted them. After maybe two weeks, I received another batch of males – one from UK, and mostly from US. The one from UK was persistent and so I tried to chat with him for several days. He seemed nice except that he didn’t understand the word ‘NO’. And when he mentioned inviting me to Nigeria to attend his son’s birthday – I got alerted. Because doesn’t Nigeria have so many scams? Today, another chatmate from the USA whom I gave to a friend emailed me thanking me for giving him the email of my friend. And he was leaving for West Africa. Gosh, Africa again. Today also, I got another invite from another male in my Friendster – he’s the most handsome one yet. He said all my pics in my profile were great. I double checked my profile photo but I didn’t think it would generate that much admiration. I have received more than 10 already in a span of 2 weeks, excluding the two I have deleted. It seems the ones they throw at my account are getting younger. It started with 47, the latest is now 38. I am a single mom and already 47 years old but I did not indicate in my Friendster that I needed a relationship. I only put “Friends” because that was the most harmless and nearest to the truth. I merely used Friendster so I can show pics of my son to my friends and relatives abroad. I can sense that something is really fishy and very wrong here. Why does it seem they won’t leave me alone? I am quite good in mind games but with the way things are going, I find all these way out of my league. I googled for similar problems but there doesn’t seem to be anything yet. What do you call this scam? They haven’t gotten anything from me yet except platonic friendship.

  2. blackwidow

    June 1, 2009 at 12:45 AM

    Jaype, is there any way to trace these hackers? Me too (I mean my FS account) is a recent victim of this phishing scam thing… if we can’t trace these bastards, how can we pinpoint them, at least to pin them down… Note: I still have 2 grenades to blow these demons out there

  3. Joemar

    May 17, 2009 at 2:34 AM

    My Friendster profile was actually infected with these spams, and I happened to click one of the links. Please help me get rid of these… Thanks…

  4. p1nk g33k

    January 28, 2009 at 1:37 AM

    “the phishing comment disguised as an embedded YouTube video”
    Can you provide a link to this (if it hasn’t already been removed)? Were users tricked into clicking the image by pressing the play button? I’m curious to see how someone could be fooled by this or how the spammers could even post it, because I didn’t know that you could post images on YouTube. Or did they use one of those programs that allow links in the video?

    If I were a spammer, I would be scared of these social networking sites after MySpace won that $230 million lawsuit against two spammers. Hell, I’m even afraid to post a link to my site to people that I know on MySpace, which is probably exactly what MySpace intended-to scare the hell out of would-be spammers. These spammers have big ones, don’t they?


  5. Clayton | Emily

    January 17, 2009 at 9:26 AM

    These messages are pretty tricky though. If you’re not concentrating on what you’re doing, or are distracted, you could get fooled by them unfortunately. :(

  6. Copyright

    January 12, 2009 at 7:11 PM

    After I read this article, I will change my password often
    and I never post my email address on my profile. I will send
    this article to my friendster list for them to know this.

  7. doitz

    January 9, 2009 at 11:07 PM

    It’s really annoying… I hope Friendster management could find a solution to this ASAP. hehehe

  8. mAdam

    January 9, 2009 at 6:29 AM

    BEST BLOG ever to stop this Friendster phishing spam and scam:
    http://friendstertips.wordpres.....ster-spam/

  9. JP Habaradas

    January 9, 2009 at 12:50 AM

    @jhay – Yeah but the previous ones weren’t as rampant and effective as these ones. I only use Friendster to keep in touch with friends. :)

  10. jhay

    January 9, 2009 at 12:48 AM

    These phishing attacks via Friendster aren’t exactly new. They’ve been around for years now; apparently, Friendster has done little to deal with it.

    It’s a good thing I’m not a Friendster fan.


  11. JP Habaradas

    January 8, 2009 at 5:40 PM

    @loy – That’s what I thought too at first. Then a few days after I discovered they were links to phishing sites. Good job with handling these phishing scam comments. If more Friendster users do what we do, these types of scams won’t spread that fast and that much.

  12. loy

    January 8, 2009 at 5:39 PM

    I thought that “webcam video” is just a spam ad to earn money from clicks. I received such comments which I deleted, set the comments to be moderated, and kicked out the offender. hehe…

