Worms lure Facebook users to fake site two days running

Facebook stopped a phishing attack on Thursday, its second day in a row of dealing with a worm on the site that lures people to a fake Facebook page and prompts them to log in.

Unsuspecting Facebook users get a message from a friend urging them to "check this out" and including a link to a web page that appears to be a Facebook log-in page but it is a fake site that steals their information when they type in their username and password. The worm also sends a copy of the message to the infected Facebook member's contacts.

In the latest attack, the web address was "FBStarter.com". In Wednesday's attack, the address was "BAction.net".

The attacks were stopped within a few hours in each case, said a Facebook spokesman. He said it was too early to say whether the two phishing attacks are related. "We are investigating," he said.

Once Facebook learns of a phishing attack, either by members notifying the company or employees noticing that a URL is being distributed to a lot of people, the company deletes the URL from members' pages, blocks fresh postings, and removes the redirect to the URL that appears in email messages, the spokesman said.

Facebook also goes in and resets the passwords of member accounts that had been used to distribute the spam, he said.

The company also alerts anti-fraud partner MarkMonitor, which passes the phishing URL on to the major browsers to block it and contacts ISPs to take the site down, according to the spokesman.

To protect against phishing scams, Facebook users should make sure that the URL they are visiting says www.facebook.com. If it doesn't use that domain it's likely to be spam. Also, members that are already logged in to Facebook will not be asked to log in again.

Original article: Facebook hit by phishing attacks for a second day from CNET News.com