Symantec Warns of Facebook, MySpace Scams

Attention Facebook users: Be careful when opening messages purporting to come from the social networking site. According to a recent blog posting from Symantec’s Mayur Kulkarni, phishers have crafted messages designed to look like official Facebook invites or prompts to reset passwords, but that are, in fact, designed to lead users to phishing sites that steal login credentials.

Kulkarni writes that there are three subject lines to look out for:

Facebook account update
New login system
Facebook Update tool


Facebook’s not the only site being targeted in recent attacks. Kulkarni also writes about messages claiming to come from MySpace that contain malicious attachments. Subject lines to look out for include:

Myspace Password Reset Confirmation
Myspace office on fire
Myspace was ruined

It’s important to remember that legitimate Web sites will not send attachments for resetting a password. Symantec also warns users to be cautious of clicking on URLs that they have not verified.


Historically, scammers have used login info to get into accounts for purposes of sending spam e-mails to a person’s “friends” or even to impersonate a person for the sake of attempting to con people out of money. Earlier this year, reports of people hacking Facebook accounts and telling stories of having been robbed and stranded in London picked up intensity (this WCBSTV.com story is one of many exploring the issue).

Be careful and know who you’re dealing with. Unfortunately, as the popular of social networking sites has grown, the scams haven’t been far behind.