Vingers.ru – Another Facebook Phishing Scam

So it seems that every other day a new Facebook phishing scheme springs to life. Or rather the same scam keeps showing up disguised in a new country domain. First it was the .at domain, a couple of days ago the .be domain and now it seems .ru is being targeted.
I just received a message from one of the friends that sent me the "wwww whiteflash be" message, now with "Hello" as the subject and "www vingers(enter dot)ru" as the message body. Again, the site looks like the Facebook login page to try and steal your user credentials. The good news for Google Chrome users is that the browser identifies the site as a malware site and displays the corresponding warning. Can't say the same about Firefox and Internet Explorer 7, though.
You should NOT provide your Facebook credentials to any site that is not http://www.facebook.com. You shouldn't even blindly trust the browser address bar, and instead make sure you type the URL yourself. Take a look at this article that outlines the danger of having your Facebook credentials stolen.
Here's a list of sites that are being used to conduct the attack:
UPDATE: The vingers.ru site is returning a 404 Not Found error at the moment. I guess the scammers are changing domains faster now. I would expect a new one showing up soon.
UPDATE: Check this list of scam sites that I compiled and will be updating when some more sites show up.
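The message bodies quoted above ("wwww whiteflash be", "www vingers(enter dot)ru") are written so that a simple link filter does not see a URL. The sketch below is an added example, not code from this blog: it undoes those two obfuscations and reports every host that is not facebook.com. The function names, the accepted TLD set and the facebook.com.example.net lookalike are assumptions made for the illustration.

```python
import re

TRUSTED = "facebook.com"
# Assumption: in the space-separated form only the TLDs this post names,
# plus .com, are accepted, to keep false positives on ordinary text down.
TLDS = ("at", "be", "ru", "im", "com")

# "(dot)", "(enter dot)", "[dot]" standing in for a literal "."
_DOT = re.compile(r"\s*[(\[]\s*(?:enter\s+)?dot\s*[)\]]\s*", re.I)
# "wwww whiteflash be": spaces instead of dots, sometimes an extra "w"
_SPACED = re.compile(r"\bw{3,4}\s+([a-z0-9-]+)\s+(%s)\b" % "|".join(TLDS), re.I)
# "www vingers.ru": only the first dot was replaced by a space
_WWW_GAP = re.compile(r"\bw{3,4}\s+(?=[a-z0-9-]+\.)", re.I)
_HOST = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)


def extract_hosts(text):
    """Return the hostnames in a message body, de-obfuscated, in order."""
    text = _DOT.sub(".", text)
    text = _SPACED.sub(r"www.\1.\2", text)
    text = _WWW_GAP.sub("www.", text)
    hosts = []
    for match in _HOST.finditer(text):
        host = match.group(0).lower()
        if host not in hosts:
            hosts.append(host)
    return hosts


def is_trusted(host):
    """True only for facebook.com itself or one of its subdomains."""
    return host == TRUSTED or host.endswith("." + TRUSTED)


def suspicious_hosts(text):
    """Hosts in the message that are not facebook.com."""
    return [h for h in extract_hosts(text) if not is_trusted(h)]


if __name__ == "__main__":
    # Message bodies as quoted in the post and comments, plus two constructed ones.
    for body in ["www vingers(enter dot)ru", "wwww whiteflash be", "nanoraw.ru",
                 "http://www.facebook.com", "facebook.com.example.net"]:
        print(repr(body), "->", suspicious_hosts(body))
```
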


Just received these messages.
Like Google Chrome, Opera tells me it's a malware website.
Firefox ( version 3.0.10 for MacOS X ) is giving me a warning too. When I first ignored the warning I saw that scamming page. But now I just see a blank page. On Safari ( version 4.0 Public Beta for MacOS X) I get the scamming page with no warning.
Opera had also warned me about it.
Update : Safari ( version 4.0 Public Beta for MacOS X) is now putting a warning too.
Yes, a Russian person owns that vingers(dot)ru
...and now Facebook blocks links to this blog entry of yours.... reason in German:
"Der Link, auf den du geklickt hast, wurde von Facebook-Nutzern als Missbrauch gemeldet."
It basically means that someone reported the link to fb. whateva. I don't get it...
I too received the http://www.whiteflashbe., I have Internet Explorer 7, but my AVG caught it and put it in the vault, and now I have gotten another one in the e-mail that says Hello! "www.vingers(dot)ru" so I typed it into Google to ask what it was and I ended up here. So I am not going to open it, I need to let the guy know that sent it to me on Facebook so he knows what is going on. I downloaded Google Chrome but could not figure out how to work it properly....."says something about me" but I may give it another try now...
Thanks for all the feedback
Hi!
Just received a Facebook mail with just: "nanoraw.ru"
(I use Firefox)
What do I do now?
Best wishes
Maggis Östlund /Sweden
You should delete the email and not go to that website. It's also part of the scam. Check the list of sites that are part of this phishing scam here:
http://antoniofarinha.com/blog/2009/05/27/list-of-facebook-phishing-scam-sites/
I will be updating the list as soon as I know about more of these malicious sites.