back to article Bank details - PAH! Phishers want your Facebook password

The frequency of phishing attacks against UK internet users has tripled over the last 12 months, according to figures from Russian security software firm Kaspersky Lab. Facebook, Yahoo! Google and Amazon are the websites most targeted by phishers in the UK, indicating a diversification away from the traditional target of …

COMMENTS

This topic is closed for new posts.
  1. LinkOfHyrule
    Paris Hilton

    Hey phishers!!!!....

    If you want my Facebook login you're bloody welcome to it - if you're that desperate to look at pictures of my sisters cats all day that is! Thought not!

    But if you change your mind and you do fancy ogling some puss, then why not cut out the middle-man - instead of phising for Facebook logins just get a job at PRISM and fill your boots with as much puss as you can handle!

    Paris because its too early in the morning and I'm talking shite to myself on the el-reg forums! Again!

    1. Peter Gathercole Silver badge
      Alert

      Re: Hey phishers!!!!.... THINK AGAIN!

      Be careful with your Facebook account. There are many, many other sites that will use the Facebook login process to access their site (I think linked-in will, and I was looking at the On-TV app on Android that allows it - I tend to ignore it as I don't want all my accounts linked together). I think these processes work by logging into Facebook themselves, and seeing whether the ID that you've given is currently logged in.

      There seems to be a group of information providers that would like to become single sign-on candidates. I've seen Google, Yahoo and PayPal as well as Facebook offered as quick ways of registering and authenticating for other sites on the Web.

      1. Brewster's Angle Grinder Silver badge

        Re: Hey phishers!!!!.... THINK AGAIN!

        "There are many, many other sites that will use the Facebook login process to access their site"

        And, before long, social security benefits. "Hello Mr Link. DWP here. We see you've been claiming Housing Benefit, Council Tax Benefit and Disability Personal Independence Allowance Benefit (due to an old sword wound) for the last five years. Can you please provide the documentation for that?"

        1. LinkOfHyrule
          Happy

          Re: Hey phishers!!!!.... THINK AGAIN!

          haha!

  2. WonkoTheSane
    Trollface

    They can have my Facebook password

    Pity I don't have an account to go with it!

  3. Scott Pedigo
    Facepalm

    If someone steals your Facebook password, then...

    ...you have lost face.

    1. frank ly

      Re: If someone steals your Facebook password, then...

      Oh the shame (of posting such a terrible joke)!

      1. LinkOfHyrule
        Thumb Up

        Re: If someone steals your Facebook password, then...

        No that's a good joke, I just upvoted it! It's better than the guff I come up with after-all!

  4. TeeCee Gold badge
    Alert

    Login using FaceBook!

    Can't be long now until Summer Wars becomes reality.

    I remember thinking, after the first time I watched that; "Hell, we're actually bloody doing this....".

    If I ever see a bank or similar offering the "convenience" of logging on with your FB credentials I'm going to find a deep hole, climb in and pull the ruddy thing in after me.

  5. Anomalous Cowshed

    It's a new world, new measures are required

    As more and more social, government, financial and business interaction moves to the Internet, especially for individuals, people - especially vulnerable people, such as older people - are going to have to be educated in computer security, because the risk of online crime against these people are becoming ever greater, and their mindset isn't adjusted to it; they are barely aware of the security measures that have to be taken against physical attacks (in the street, against the home), let alone digital attacks, which are too subtle for most people to detect. A lot of work lies ahead.

  6. Senior Ugli

    surely this is a hold-to-ransom type of affair rather than "I just want to look at your messages and pictures etc"

    If you stole a FB account details, then emailed the user saying I want X amount before a certain day, otherwise I will:

    message your mother saying you are addicted to crack and a secret gay

    message your ex claiming to have aids

    message a friend admitting you watch big brother

    post a status proclaiming your love of nickelback and a photoshopped image of account holder with the lead singer

    plus other various dodgy images, gore and racist things you could post to wreck the lives of the people who devote their whole life to FB

    I do remember a 4chan escapade where they had a bunch of details for FB accounts, watching the madness unfold was rather funny

    1. Anonymous Coward
      Happy

      Struggling

      message your mother saying you are addicted to crack and a secret gay

      message your ex claiming to have aids

      message a friend admitting you watch big brother

      post a status proclaiming your love of nickelback and a photoshopped image of account holder with the lead singer

      I would be mortified if anyone proclaimed I loved nickelback, also is "addicted to crack and a secret gay" not a contradiction?

      1. Anonymous Coward
        Anonymous Coward

        Re: Struggling

        "also is "addicted to crack and a secret gay" not a contradiction?"

        Not if it's arse crack :)

        1. Anonymous Coward
          Anonymous Coward

          Re: Struggling

          john the ripper could rip you one...

  7. ISYS
    Alert

    Hackers dream

    Get in to target's Facebook/linkedin accounts and create a dictionary based on the content (most people's password are based on something in their life)

    Then dictionary attack their place of work/bank etc.

    It is like social hacking without actually talking to the target (other than the initial phish).

  8. Martin H Watson

    Has John Leydon left...

    ...the Sex Pistols then? I bet I'm the 12th to ask today.

  9. Anonymous Coward
    Anonymous Coward

    Doh...

    Why would anyone not use upper/lower case alpha/numerical/non-alpha numerical characters and different passwords and not keep them in txt files?

    Unless of course the world is full of idiots? Picture for example of this

  10. taxman
    Holmes

    For every nefarious action

    there is a reason

  11. JimmyPage Silver badge
    Devil

    One day ...

    I might write a program to hit phishing links with hundreds of thousands of bogus login details, and invite people to forward me any phishing emails they get as targets.

    In fact, now I'm thinking about it, a better way would be a distributed app (a la SETI@Home) so the logins appear to come from all over the net.

    On a more low-tech note, if everybody who got a phishing email clicked the link and supplied a duff login, the inherent value in phishing would collapse overnight.

    I just need that round tuit ....

    1. Anonymous Coward
      Windows

      Re: One day ...

      "On a more low-tech note, if everybody who got a phishing email clicked the link and supplied a duff login, the inherent value in phishing would collapse overnight."

      Been doing it for years, behind TOR, with valid card numbers from dark coding (he does a card number gen which passes all checks except the csv digits..

      Its great fun, knowing these fucking idiots will be trying over and over to try my apparently real details...

      Im pleasured to have wasted their time....

  12. Anonymous Coward
    WTF?

    Phishing Attacks?

    Who is going to save us all from these BT, PayPal, Yahoo, Google, Facebook and Amazon phishing attacks ?

  13. RcR

    Idiocracy

    Ho-hum; what moron would possibly be fooled by such childish tricks?

    1. beep54
      Devil

      Re: Idiocracy

      You must now know very many actual people.

      1. beep54

        Re: Idiocracy

        Not, dammit NOT. Where's that fucking edit button?????

  14. mwngy

    BT

    BT encourage phish-prone behaviour by sending out regular emails with links to their site, requiring you to log in to see your bill.

    Once they have established that habit, it makes it very easy for the phishers.

    I have long sent requests to their customer service bit bucket for an option to put a bill summary in the monthly email (as talktalk do now) - that's all I (and probably most people) need to see (to check nothing is amiss), and then they won't bother clicking on links. I don't consider my monthly bill total sensitive data that cannot be sent by email.

This topic is closed for new posts.

Other stories you might like