24 mai 2009

“Goldbase.be is a Facebook Scam: DO NOT Visit”

mashable.com

I’m receiving Facebook mails with links to “.be” sites which are obviously nefarious. The subject line of the mails is “Look at This”.

If you receive such a mail, DO NOT click links to the following sites: goldbase.be greenbuddy.be silvertag.be picoband.be

In 2009, a prominent tech blog (moreover, a blog that specializes in web 2.0 news) is still in the business of posting 1999-style panicked security warnings about “do not click links to this very specific list of sites” (or to a whole country’s TLD, in this case) as if those sites were going to self-destruct your computer, instead of simply writing “always check that you’re actually on facebook.com before you type your password, morons.”

As I’ve already written, part of it is Facebook’s fault for encouraging you to type your password anywhere and everywhere (latest case in point, iPhone apps), but I’d still expect Cashmore to show a little more discrimination than my mother does when she forwards warning e-mails about urban legends. You can’t be secure by relying on a blacklist of domain names you mustn’t click.

(Note that this is also the strongest case against framing outgoing URLs, Facebook- or Digg-style — but I just checked, and links in Facebook messages aren’t framed, so it doesn’t apply in that case. It shouldn’t be too hard, though, to manufacture a fake Facebook login page framed within a facebook.com frameset.)

P.S. Love this comment:

I got one from pinkamigo.be and very stupidly clicked on it. i have no idea what i was thinking. once i saw what opened up in my browser i shut my computer down…. I did a SpyBot S&D scan and a Windows Defender scan and chanced my FB password…. I hope that’s good enough.