Fortinet is warning users of hijacked Facebook accounts posting deceptive messages on the ‘Wall’ that links to various spam sites.

Click to enlarge

The social website has a ‘Wall’ that allow users to post comments on friends’ profiles. Spammers post various messages (online pharmacy shops, free ringtones) on it by purchasing hijacked accounts from identity thieves who were able to hijack the victim’s account.

One of the spamvertised links has been confirmed to resolve to a web host that also serves content for several pill pushing sites, involved in a criminal fraud ring. Included in this ring is Canadian Pharmacy, Fortinet says.

The Fortinet Global Security Research Team advises social networking site users to be wary of phishing attempts: when confronted by a login page or upon clicking a link contained in a friend’s message, carefully check the login page URL.

Legitimate login pages are hosted on the original social site domain (here, Facebook.com), while rogue login pages cannot be. Also, mental tricks may sometimes be utilised to trap users (eg: Facebook.com.dsfsafdf.cn, Facebook-login.com, Facebopk.com, etc.), as it is frequently the case in phishing schemes. For these reasons, leveraging adapted security gear that integrates real-time blackhole lists of known phishing sites is pertinent.

Beyond that, wall posts containing links must be handled with care. While hijacked accounts have not been proved to be utilised for anything beyond posting relatively innocuous spam 2.0, it is not a stretch to think that links to drive-by-install malicious sites could be injected at some point. Following links contained in wall posts is therefore not recommended.

See: www.fortinet.com