Rogue Facebook phishing applications

Sometimes people take it for granted that once they log in to Facebook, they don’t have to worry about security threats, but as Rik Ferguson (a researcher for Trend Micro) discovered a few days ago – there are two malicious applications INSIDE Facebook: the Stream and Post applications.

Through them, users were redirected to a phishing site where they were asked to enter their username and password in order to be able to use the applications. Users don’t think it’s suspicious because, after all, the messages appear in their Facebook profile.

The users also wouldn’t notice it afterwards, because after entering the information, they are redirected to Facebook.

The phishing site involved in the scam is blocked by now, but users are advised to pay extra attention when being asked for login credentials.

But, as it seems, that is not the end of security breaches on Facebook. Yesterday Rik Ferguson uncovered four more rogue applications – Your Photos, Birthday Invitations, Inbox (2) and Inbox (1). To avoid being a victim of this kind of attack, he recommends checking the URL in the browser’s address bar, checking where links point before clicking (just hover over them with your mouse pointer), and removing apps you won’t be using anymore.