Vingers.ru – Another Facebook Phishing Scam

26 May

Internet

Facebook phishing scam

So it seems that every other day a new Facebook phishing scheme springs to life. Or rather the same scam keeps showing up disguised in a new country domain. First it was the .at domain, a couple of days ago the .be domain and now it seems .ru is being targeted.

I just received a message from one of the friends that sent me the ”wwww whiteflash be” message, now with “Hello” as the subject and ”www vingers(enter dot)ru” as the message body. Again, the site looks like the Facebook login page to try and steal your user credentials. The good news for Google Chrome users is that the browser identifies the site as a malware sites and displays the corresponding warning. Can’t say the same about Firefox and Internet Explorer 7, though.

You should NOT provide your Facebook credentials to any site that is not http://www.facebook.com. You shouldn’t even blindly trust the browser address bar, and instead make sure you type the URL yourself. Take a look at this article that outlines the danger of having your Facebook credentials stolen.

Here’s a list of sites that are being used to conduct the attack:

  • afoi.ru
  • areps.at
  • bests.at
  • bestspace.be
  • brunga.at
  • goldbase.be
  • greenbuddy.be
  • indigoline.be
  • kirgo.at
  • mymarket.be
  • nutpic.at
  • picoband.be
  • ponbon.im
  • redbuddy.be
  • redfriend.be
  • silvertag.be
  • simplemart.be
  • sweeter.be
  • vingers.ru
  • whiteflash.be
  • whitemart.be
  • yospace.be

UPDATE: The vingers.ru site is returning a 404 Not Found error at the moment. I guess the scammers are changing domains faster now. I would expect a new one showing up soon.

UPDATE: Check this list of scam sites that I compiled and will be updating when some more sites show up.

10 Responses to “Vingers.ru – Another Facebook Phishing Scam”

  1. ludo May 26, 2009 at 1:18 PM #

    Just receive these messages.
    Like google chrome, opera says me it’s a malware website.

  2. Hendrik de Stoute May 26, 2009 at 2:18 PM #

    Firefox ( version 3.0.10 for MacOS X ) is giving me a warning too. When I first ignored the warning I saw that scamming page. But now I just see a blank page. On Safari ( version 4.0 Public Beta for MacOS X) I get the scamming page with no warning.

  3. QB May 26, 2009 at 2:26 PM #

    Opera had also warned me about it.

  4. Hendrik de Stoute May 26, 2009 at 3:18 PM #

    Update : Safari ( version 4.0 Public Beta for MacOS X) is now putting a warning too. :-)

  5. anonymous May 26, 2009 at 3:53 PM #

    Yes a russian person own that vingers(dot)ru

  6. anonymous May 27, 2009 at 12:06 AM #

    …and now Facebook blocks links to this blog entry of you…. reason in german:

    “Der Link, auf den du geklickt hast, wurde von Facebook-Nutzern als Missbrauch gemeldet.”

    It basicly means that someone reported the link to fb. whateva. I dont getit…

  7. Marianne May 27, 2009 at 12:41 AM #

    I too received the http://www.whiteflashbe., I have Internet explorer 7, but my AVG caught it and put it in the vault, and now I have gotten another one in the e_mail that says Hello! “www.vingers(dot)ru” so I typed it into google to ask what it was and I ended up here. So I am not going to open it, I need to let the guy know that sent it to me on Facebook so he knows what is going on. I downloaded Google Chrome but could not figure out how to work it properly…..”says something about me” but I may give it another try now…

    Thanks for all the feed back

  8. Margaretha Östlund May 27, 2009 at 4:35 PM #

    Hi!
    Just recived a facebook mail with just: “nanoraw.ru”
    (I use Firefox)
    What do I do now?

    Best wishes
    Maggis Östlund /Sweden

Trackbacks and Pingbacks

  1. List of Facebook Phishing Scam Sites | Flour Power - May 27, 2009

    [...] Vingers.ru – Another Facebook Phishing Scam [...]