Tuesday, April 27, 2010

Facebook, IM (chat) and IRC Phishing

I caught a Phacebook Phisher today! It was someone impersonating a friend and asking for my phone number.
Tell-tale signs:
  • A chat, IM or IRC message apparently from a friend, but saying nothing specific about them or about you
  • Writing in a generic style, possibly unlike your friend's usual style
  • They reply to your messages with no delay
  • Urgent or repeated requests for information (like your phone number)
  • Logs out or goes offline after only a couple of minutes' delay on your part
How to reply:
  • Tell them to contact you by some other means that would require them to know something specific (like their own email password), but
  • Don't tell them that specific thing, and don't tell them what they're asking for via the IM or chat.
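The tell-tale signs above can be turned into a simple heuristic check. The following is an added example, not code from the original post: it scores a chat transcript by measuring how fast the other party replies, counting requests for personal details, and checking whether they ever mention you by name. The message format ({from, t, text} with t in seconds), the sample transcripts, the regular expressions and the thresholds are all constructed assumptions for illustration.

```javascript
// Added example (not from the original post): heuristic scoring of a chat
// transcript against the tell-tale signs of a relayed/impersonated chat.
// Message objects, thresholds and sample data are constructed assumptions.

// Patterns for the kind of personal details the post warns about.
const INFO_REQUEST_PATTERNS = [
  /\b(phone|cell|mobile)\b.*(\bnumber\b|#)/i, // "your phone number", "cell #"
  /\bpassword\b/i,
  /\bpin\b/i,
];

// Median reply latency (seconds) below which replies look scripted.
const FAST_REPLY_SECONDS = 3;

// Seconds between each of my messages and the next message from the other party.
function replyLatencies(messages, me) {
  const latencies = [];
  for (let i = 0; i < messages.length - 1; i++) {
    if (messages[i].from === me && messages[i + 1].from !== me) {
      latencies.push(messages[i + 1].t - messages[i].t);
    }
  }
  return latencies;
}

function median(values) {
  if (values.length === 0) return null;
  const sorted = [...values].sort((a, b) => a - b);
  const mid = Math.floor(sorted.length / 2);
  return sorted.length % 2 ? sorted[mid] : (sorted[mid - 1] + sorted[mid]) / 2;
}

// Returns the individual flags, a score (number of flags raised) and a verdict.
function scoreConversation(messages, me, myName) {
  const theirs = messages.filter((m) => m.from !== me);
  const infoRequests = theirs.filter((m) =>
    INFO_REQUEST_PATTERNS.some((re) => re.test(m.text))
  ).length;
  const latency = median(replyLatencies(messages, me));

  const flags = {
    fastReplies: latency !== null && latency < FAST_REPLY_SECONDS,
    asksForInfo: infoRequests > 0,
    repeatedRequests: infoRequests >= 2,
    // Crude stand-in for "nothing specific about you": they never use my name.
    noPersonalReference: !theirs.some((m) =>
      m.text.toLowerCase().includes(myName.toLowerCase())
    ),
  };
  const score = Object.values(flags).filter(Boolean).length;
  return { flags, score, suspicious: score >= 2 };
}

// Constructed sample: a relayed chat that asks for a phone number twice.
const SUSPECT_CHAT = [
  { from: "friend", t: 0, text: "hey whats up" },
  { from: "me", t: 20, text: "not much, you?" },
  { from: "friend", t: 21, text: "good. can i get your phone number?" },
  { from: "me", t: 60, text: "why do you need it?" },
  { from: "friend", t: 62, text: "lost my phone, need your number again" },
];

// Constructed sample: an ordinary chat between friends.
const BENIGN_CHAT = [
  { from: "friend", t: 0, text: "Alex! still on for dinner friday?" },
  { from: "me", t: 30, text: "yes, 7pm?" },
  { from: "friend", t: 95, text: "7 works, same place as last time" },
];

console.log(scoreConversation(SUSPECT_CHAT, "me", "Alex")); // score 4, suspicious
console.log(scoreConversation(BENIGN_CHAT, "me", "Alex"));  // score 0
```

The latency check is the most useful of the four in practice: a human friend rarely answers within a second or two every time, whereas a script forwarding messages to a remote operator tends to respond with the same near-zero delay on each turn. The name check is deliberately crude and would need a richer notion of "specific" in a real deployment.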
Likely Hacking Method
In this particular instance I believe the hacker got a JavaScript program running on my friend's computer. The way this can happen to you is as follows:
  • You visit a website that runs JavaScript (typically through a banner ad) which keeps running and later acts as a "chat relay".
  • The script waits until you are in Facebook, then opens another window that is invisible (for example, hidden below the task bar).
  • Within the hidden window, it starts a Chat with any friends who are online.
  • If a friend responds, the script (running in your browser) forwards your friend's response to the hacker (who is somewhere else on the Internet).
  • Your friend can then chat with the hacker, who impersonates you.
