January 5, 2011 by Vincent
Spammer Exploiting Facebook Outgoing Link Redirection
How do you identify spam links received on instant messengers? One of the easiest ways is to look at the domain. If a friend is sharing random links on an unknown domain, especially a fancy-looking one, you should be very wary (pun intended).
Some phishing sites also use a domain that looks similar to a popular social networking site, faceb0ok.com for example. So does that mean that if the domain is exactly the same as a popular site like facebook.com or youtube.com, you are safe?
If you had asked me that a day or two ago, I would have said yes. But not after I received the following spam link on Windows Live Messenger:
Facebook.com, that should be safe. But wait a second, examine the URL more carefully before you let your guard down. The spammer is exploiting Facebook’s outgoing link redirection to gain the user’s trust.
What happens when you visit the link? You’ll be greeted by Facebook’s “Please be careful” message, which probably no one reads or cares about.
Seeing Facebook’s logo and ignoring the small print Facebook put up to warn users, the victim gets a false sense of security and proceeds with the charming blue “Continue” button.
You will then be redirected to whatever URL follows http://www.facebook.com/l.php?u= (e.g. http://www.facebook.com/l.php?u=www.sheeptech.com for SheepTech).
The rest is history.
Do notify your friends and family, especially the less tech-savvy ones, to beware of this new tactic.
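The trick described above works because the visible domain is not the real destination. As an added example (not code from this post or from Facebook), here is a small offline check that unwraps a wrapped link and reports where the user would actually land; the table of redirector endpoints is constructed for this example and only lists the l.php?u= endpoint the post describes.

```python
from urllib.parse import urlparse, parse_qs

# Constructed table of "trusted host + path -> query parameter carrying the
# outbound target". Only the endpoint discussed in the post is listed.
REDIRECTORS = {
    ("www.facebook.com", "/l.php"): "u",
    ("facebook.com", "/l.php"): "u",
}

def _normalise(url: str) -> str:
    """Give scheme-less targets such as 'www.sheeptech.com' a scheme so that
    urlparse puts the host in netloc instead of treating it as a path."""
    url = url.strip()
    if "://" not in url:
        url = "http://" + url
    return url

def real_destination(url: str, max_hops: int = 5) -> str:
    """Follow redirector wrappers without touching the network and return the
    URL a user would reach after pressing 'Continue'. Nested wrappers are
    unwrapped up to max_hops times."""
    current = _normalise(url)
    for _ in range(max_hops):
        parts = urlparse(current)
        param = REDIRECTORS.get((parts.netloc.lower(), parts.path))
        if param is None:
            return current                 # not a known redirector: this is it
        target = parse_qs(parts.query).get(param)
        if not target:
            return current                 # redirector with no target given
        current = _normalise(target[0])    # parse_qs already percent-decodes
    return current

def is_disguised(url: str) -> bool:
    """True when the host a user sees differs from the host of the real
    destination, i.e. the link borrows a trusted domain to hide its target."""
    shown = urlparse(_normalise(url)).netloc.lower()
    final = urlparse(real_destination(url)).netloc.lower()
    return shown != final
```

A messenger or mail filter can run is_disguised over every link it sees and show the user the unwrapped host instead of the borrowed one.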
Ishan - January 6, 2011 @ 10:13 pm
This is a pretty common hack that exists on many PHP powered sites. However, seeing this being done on something as large as FB, this can be a big security problem.
Vincent - January 6, 2011 @ 10:42 pm
Exactly. I would normally close such spam message instantly, but this got me to have a second look.
At least Facebook is showing a warning message instead of redirecting right away. I couldn’t imagine if the latter were to be the real situation.
EURO 2012 HIGHLIGHTS - January 7, 2012 @ 6:40 am
I simply hate facebook spammers, that’s the most stupid thing that could have ever been invented