Flour Power

a blog by António Farinha


Vingers.ru – Another Facebook Phishing Scam

Facebook phishing scam

So it seems that every other day a new Facebook phishing scheme springs to life. Or rather the same scam keeps showing up disguised in a new country domain. First it was the .at domain, a couple of days ago the .be domain and now it seems .ru is being targeted.

I just received a message from one of the friends that sent me the "wwww whiteflash be" message, now with "Hello" as the subject and "www vingers(enter dot)ru" as the message body. Again, the site looks like the Facebook login page to try and steal your user credentials. The good news for Google Chrome users is that the browser identifies the site as a malware sites and displays the corresponding warning. Can't say the same about Firefox and Internet Explorer 7, though.

You should NOT provide your Facebook credentials to any site that is not http://www.facebook.com. You shouldn't even blindly trust the browser address bar, and instead make sure you type the URL yourself. Take a look at this article that outlines the danger of having your Facebook credentials stolen.

Here's a list of sites that are being used to conduct the attack:

  • afoi.ru
  • areps.at
  • bests.at
  • bestspace.be
  • brunga.at
  • goldbase.be
  • greenbuddy.be
  • indigoline.be
  • kirgo.at
  • mymarket.be
  • nutpic.at
  • picoband.be
  • ponbon.im
  • redbuddy.be
  • redfriend.be
  • silvertag.be
  • simplemart.be
  • sweeter.be
  • vingers.ru
  • whiteflash.be
  • whitemart.be
  • yospace.be

UPDATE: The vingers.ru site is returning a 404 Not Found error at the moment. I guess the scammers are changing domains faster now. I would expect a new one showing up soon.

UPDATE: Check this list of scam sites that I compiled and will be updating when some more sites show up.

  • Facebook
  • Twitter
  • MySpace
  • Digg
  • StumbleUpon
  • Technorati
  • Reddit
  • FriendFeed
  • email

If you enjoyed this post, make sure you
Subscribe to my RSS feed!

9 Responses to “Vingers.ru – Another Facebook Phishing Scam”


  1. ludo says:

    Just receive these messages.
    Like google chrome, opera says me it's a malware website.

  2. Hendrik de Stoute says:

    Firefox ( version 3.0.10 for MacOS X ) is giving me a warning too. When I first ignored the warning I saw that scamming page. But now I just see a blank page. On Safari ( version 4.0 Public Beta for MacOS X) I get the scamming page with no warning.

  3. QB says:

    Opera had also warned me about it.

  4. Hendrik de Stoute says:

    Update : Safari ( version 4.0 Public Beta for MacOS X) is now putting a warning too. :-)

  5. anonymous says:

    Yes a russian person own that vingers(dot)ru

  6. anonymous says:

    ...and now Facebook blocks links to this blog entry of you.... reason in german:

    "Der Link, auf den du geklickt hast, wurde von Facebook-Nutzern als Missbrauch gemeldet."

    It basicly means that someone reported the link to fb. whateva. I dont getit...

  7. Marianne says:

    I too received the http://www.whiteflashbe., I have Internet explorer 7, but my AVG caught it and put it in the vault, and now I have gotten another one in the e_mail that says Hello! "www.vingers(dot)ru" so I typed it into google to ask what it was and I ended up here. So I am not going to open it, I need to let the guy know that sent it to me on Facebook so he knows what is going on. I downloaded Google Chrome but could not figure out how to work it properly....."says something about me" but I may give it another try now...

    Thanks for all the feed back

  8. Margaretha Östlund says:

    Hi!
    Just recived a facebook mail with just: "nanoraw.ru"
    (I use Firefox)
    What do I do now?

    Best wishes
    Maggis Östlund /Sweden


Trackbacks/Pingbacks

  1. List of Facebook Phishing Scam Sites | Flour Power 27 05 09