Cybercriminals and phishers are still focusing their efforts on Facebook. Several new scam tactics are listed as below.

1) Koobface Variant Resurfaced again

Recent report from CA suggested that a Koobface variant is still actively sending massive spam messages to millions of users on Facebook. During the attack, the Koobface variant connects to the malicious server UPR15MAY.com to acquire information for its spam messages to be sent to contacts of infected users.

2) Killselfz and Ligromind Malware

Similar to the “.at” and “.be” domains, this time the domains used are of the top-level domain. If you come across Facebook messages with phishing links to Killselfz[dot]com and Ligromind[dot]com, do not click on it or else the scammers will plant the malware to your computer.

3) Today, a new wave of phishing attacks on Facebook users is underway. A popular tech news blog Mashable is reportedly discovering two new top-level domains that can steal your Facebook login details and then spam your Facebook friends. If you get Facebook messages which prompt you to click the phishing links to Junfunrun[dot]com and Bulitre[dot]com, stay away from those messages and delete the messages instantly.

I’ve read an article that talked about Facebook is about to have a big spam problem, and “it’s not surprising.” Of course, everyone love Facebook now, and no one should expect spam will not happened in the Facebook environment.

A common Web strategy I heard nowadays is: If you build it, they will come. “They” means not only the audience, it also means the spammers too. So, if you want your profile, or even the group (you are the Administrator) to be spam-free, be prepared to spend time in deleting spam posts, spam wall posts, and report users that spam you to Facebook when necessary.

Facebook spam is definitely on the rise, but the good side is that the official security page of Facebook, i.e. Facebook Security has provided the typical screenshots of the spam posts and messages for the users to be fully aware of.

Please pay careful attention to these pictures enclosed as below, so when you come across the similar message, don’t hesitate to delete it straight away from your message inbox. And also, notice that each of these messages, the content are weird, with bad grammar as well, all under the guise of amicable types of messages with an aim to entice users to click on the external URL links.

Spam Message Example 1:

*Spam message for a free Macy’s gift card

Spam Message Example 2:

*Spam message about a new video the sender has found

Spam Message Example 3:

Spam Message Example 4:

Source: available at http://www.facebook.com/album.php?aid=58084&id=31987371885, accessed 31 October 2008