New Facebook Phishing campaign!

According to Sans Internet Storm,  They have seen some signs of a new Phishing campaign like the[intlink id=”3419″ type=”post”] Look at this Phishing campaign[/intlink] that went through a few weeks ago.  At the time of writing that report they weren’t being resolved they now are being resolved making you look like you are logging into Facebook:

Phishing look a like!! Phishing look a like!!

[ad]Sites that are hosting these are in Belgium and are Redbuddy.be, Redfriend.be, and picoband.be.     If you recieve this with these urls you best thing you can do is just to delete them.   Some people have said it is using the term “look at this” I am unsure as to is or not but you can usually tell because of the the URL and if it isn’t Http://www.facebook.com or Https://www.facebook.com then you aren’t logging into Facebook but are logging into a fake site.

We’ve talked about [intlink id=”2644″ type=”post”]why criminals want to use your account and why they need to get your passwords[/intlink].  I know they want to take control of your account for one reason or another but that is where the Facebook users need to keep watch on the URLS being displayed when you log into Facebook.    If you did that then you are one step ahead of the nefarious criminals and can be at peace.  Just like the Look at this campaign if you did visit those sites and given out your password it is strongly recommended to reset your password.

Update #1 — More Domains have been created areps.at, greenbuddy.be, vispace.be, whiteflash.be, and bestspace .be . All these domains resolve to 211.95.78.98 And can be determined by going to Http://www.dns.be or http://www.dns.at  .   It looks like the server is hosted in China.  I wouldn’t be surprised if t here were even more domains going to be regestered that were in Belgium!!  On a Side note it seems all these have a malicious hidden iframe in them so “DON”T Visit them unless you know what your doing“.   I suspect that is how they are keep having people post to Facebook about these but that is only my theory!!  (Thanks Sans Internet Storm for all those updates)