2010 April 27th
I caught a Phacebook Phisher today! It was someone impersonating a friend and asking for my phone number.

Tell-tale signs:
- A Chat or IM or IRC msg apparently from a friend, but saying nothing specific about them or about you
- Writing in a generic style possibly atypical of your friend's normal style
- They reply to your messages with no delay
- Urgent or repeated requests for info (like your phone #)
- Logs out or goes offline after only a couple of minutes' delay on your part
- Tell them to contact you by some other means that would require them to know something specific (like their own email password), but
- Don't tell them that specific thing, and don't tell them what they're asking for via the IM or chat.
In this particular instance I believe the hacker got a JavaScript running on my friend's computer. The way this can happen to you is as follows:
- You visit a website which runs a JavaScript (typically delivered through a banner ad) that keeps running in your browser and later acts as a "chat relay".
- The script waits until you are logged in to Facebook, then opens another window that is invisible (for example, hidden below the task bar).
- Within the hidden window, it starts a Chat with any friends who are online.
- If a friend responds, the script (running in your browser) forwards your friend's response to the hacker (who is somewhere else on the Internet).
- Your friend can then chat with the hacker, who impersonates you.