DON’T Check kirgo.at – Facebook phishing scam [UPDATE]

by Scott McAndrew on May 21, 2009

Facebook Phishing Scam Alert

I blogged earlier this morning about a Facebook Phishing Scam.  I’m now getting messages in my Inbox on Facebook recommending I “Check kirgo.at.” It’s the same scam, complete (or incomplete depending on how you look at it) with lack of Facebook logo on the fake Facebook login page.

Rule of thumb: if you don’t recognize the URL in messages you’re receiving in your Facebook Inbox, don’t trust them. There are likely scores of web addresses (probably all .at addresses) set up for the same phishing function.

If you feel that your account may have been compromised, visit Facebook’s Security page (it is viewable even if you cannot access your Facebook account).

Beyond Facebook’s advice, I’d have to also suggest that compromised account holders monitor their banking, credit card and cellphone accounts.  Scam artists often attempt identity theft with as little information as a full name and date-of-birth.


1 stacey May 21, 2009 at 10:26 am

i got one of those too. Thanks!

2 gosiamaugosia May 21, 2009 at 10:33 am

do u have to log into this shit 2 allow it to c ur info??

3 Tiffany May 21, 2009 at 10:56 am

So, what exactly should I tell my friend to do if they already got their password stolen? If they log in and change their password right now will it block the other from logging in?

4 scottmcandrew May 21, 2009 at 11:03 am

Tiffany – If a friend has their password stolen, do tell them to log in to Facebook and change their password immediately. There is still some risk to your friend, however. Someone out there likely logged into their Facebook account and could have their personal information. Mere possession of someone's full name and date of birth is enough for an unethical person to try to access credit card and banking accounts, so I'd advise her to be watchful of her accounts beyond Facebook, especially her financial and cellphone accounts.

5 scottmcandrew May 21, 2009 at 11:05 am

Stacey, here's how it works: When someone goes to one of these phishing sites and types in their username and password for Facebook, the predators then take that information and either manually (by visiting the real Facebook) or through a computer script (which is more likely) log in to Facebook and send messages to that person's Friend list. If you don't type in your personal information on the fake/phishing Facebook page, you are not in any danger.

6 Tiffany May 21, 2009 at 11:12 am

Thank you for your response! I've already notified her to change her password. I'll have her be extra vigilant with all other accounts as well. When is this Phishing stuff going to stop?!?

7 Andrew May 21, 2009 at 11:51 am

Stupidly I checked that link and put in my password and login….i changed my password and email account about 10mins after tho when i realised my stupidity….what do you think are the risks now?? Is it still safe 2 use my facebook account or should i do anything else at this stage?

8 roshamboe May 21, 2009 at 11:58 am

uh i saw this on google trends and visited it but i didn't type in my info, i just closed it, all the sudden my firewall turned off so i turned it back on and it found a whole bunch of spyware, some that couldn't be cleaned

9 Andrew May 21, 2009 at 12:06 pm

i stupidly logged in to this!…but i changed my password and email about 10 mins l8r…..so i can still log on to facebook….will it still be safe to use my facebook account..or is there anything else i can do at this stage?

10 scottmcandrew May 21, 2009 at 12:09 pm

Glad I could help. I hope everything goes well for your friend. -Scott

11 scottmcandrew May 21, 2009 at 12:10 pm

Andrew – see my response to Tiffany. Just be careful with your other accounts (see above). -Scott

12 scottmcandrew May 21, 2009 at 12:20 pm

Spyware was one thing I hadn't heard of happening in this attack. Have you seen any other reports of it?

13 charissa May 21, 2009 at 12:21 pm

soooo my friend sent me that kirgo thing and I opened it and now I can't log onto my facebook. I don't know how to change my password on facebook. Will I lose all my photos and friends and info I have a lot of school stuff saved on there.!!!!

14 scottmcandrew May 21, 2009 at 12:48 pm

Charissa – that doesn't sound good. I'd be reporting your problem to Facebook so they are aware of your situation. I don't know how they handle that sort of thing. Hopefully you don't lose any of your Facebook information, but more importantly, do monitor your other personal accounts in the event that the people behind this attempt to leverage your identity to do further damage!
