BY JOY FANG
THE next time you see a close friend announcing a good deal on Facebook, beware: It might be a trick hatched by hackers.
The high-traffic social-networking website is the latest tool that hackers are using to 'phish', that is, to steal personal information to carry out online fraud.
Publishing editor Eric Pang, 26, realised that something was wrong with his Facebook account two months ago when it kept posting sham messages on his wall and his friends' walls in his name.
They were typically exclamations that encouraged users to click on a web link.
Examples include 'I can't believe this woman lost so much weight! facebookhealth4.com', or 'I made $1,285 today working online! You guys have to check out WorkHomeDream.net to get started too!'
In May this year, Reuters reported that hackers launched 'phishing' attacks on 200 million users on Facebook.
They tricked users into entering their usernames and passwords on webpages that looked identical to Facebook's login page.
They then used the stolen information to gain access to the victims' accounts, and sent malicious links to the victims' friends.
A Facebook spokesman told The New York Times in May that the damage from the phishing attacks 'is not widespread and is affecting only a small fraction of a per cent of users'.
He added that Facebook would delete the malicious links from its members' pages, block further spam postings and reset the passwords of affected accounts as soon as it learns of a phishing attack.
my paper knows of at least nine such victims here, including Mr Pang. Mr Pang's account was hit in early October, right after reports surfaced about thousands of e-mail passwords being obtained and leaked online that month.
Cyber-crooks apparently used 'phishing' tactics to dupe users of free Web-based e-mail services, such as those provided by Microsoft and Google, into revealing account and access information, said the reports.
About 10,000 Hotmail accounts and over 20,000 e-mail accounts from Gmail, Yahoo! Mail, AOL and other providers were affected.
Mr Pang said: 'After reading the reports, I reckoned that my password had been busted and that my account had been hacked.'
He immediately changed the passwords of his Hotmail and Facebook accounts, using a unique and more complicated password for each service. The two accounts used to share a simple password because he found it 'very taxing' to remember complicated passwords.
Banking associate Titus Tham, 30, also found several bogus messages on his Facebook wall between October and last month.
'Thankfully, most of my friends knew that the messages were not coming from me,' said Mr Tham, who had also used the same password for his Facebook and Hotmail accounts.
Mr Barrie Ooi, the South-east Asia head of Windows Live - Microsoft's online platform that includes Hotmail and Messenger - believes that the Facebook attack is not related to the one that affected Hotmail because 'there are many scenarios which can result' in such hacking attempts.
For example, when users do not sign out of their Facebook account, they allow hackers to hijack the session, he said.
Users of Windows Live can learn more safety tips from Microsoft's website at www.microsoft.com/protect
Users have to be more alert and not use the same password for their e-mail and Facebook accounts, said IT experts.
Mr Paul Ducklin, Sophos' head of technology for the Asia-Pacific, said: 'Many users are pretty easy-going about social-networking messages. They may be much more likely to fall for scams and spam via social-networking sites than via e-mail.'
He added: 'Don't re-use passwords... because it allows hackers to crack into all your online accounts by cracking any one of them.'
Mr Effendy Ibrahim, consumer-business lead for online-security firm Symantec Asia-Pacific, warned Facebook users to be very cautious about suspicious messages, including those that are apparently sent by their friends.
They must never click on any links in these messages, he said.
