The IM-based spam wave, sent via
automatically generated accounts, promises a “hot date” if Facebook users
access the typosquatted link, as depicted below.
The fake Web site, which reproduces
the genuine Facebook site extremely well, collects the login credentials using
a PHP script.
Why is this bad for you? Well, there is an
easy and a hard way to put it.
The easy way: the phishers can use the
stolen login credentials to harvest e-mail addresses and other contact details
the users store in their accounts, as well as to post spam messages advertising
different goods and services on the users’ behalf.
The hard way looks like this: the worst
thing for you would be to receive blood-boiling e-mails and phone calls
from your social connections because their antivirus and/or computer just went crazy
after landing on your Facebook page.
And no, it’s not your fault that the flashy, worm-spreading
banner ad at the top of your page, exploiting yet another Windows flaw,
popped up out of nowhere. But it might be your fault for not being careful enough
when accessing and logging onto