Starting this week, a massive phishing campaign was launched, apparently by Russian hackers (the sites they used were registered on names of Alexander Kalinin, Alexandr Kvorin, Andrey Morov, and Alexander Petrov with fake addresses of course).
If they get control over someone's account, what they do is that they send private messages to all friends to visit one of the following sites, or alike:
- afoi.ru
- areps.at
- bests.at
- bestspace.be
- brunga.at
- goldbase.be
- indigoline.be
- kirgo.at
- mymarket.be
- nutpic.at
- picoband.be
- ponbon.im
- redbuddy.be
- redfriend.be
- sweeter.be
- vingers.ru
- whiteflash.be
- whitemart.be
- yospace.be
where visitors were asked to "login" again. So this is how they get the passwords.
At the moment, it is unknown how malicious this can turn, but the hackers can potentially hijack other accounts, like e-mail (if the same password is used say for Google or Yahoo mail services), and then even further if they dig more valuable information from someone's virtual portfolio.
So, if trapped - change your password you used on ALL accounts, not only on Facebook. Report it to the site technical team, remove all Facebook applications and take vacations to recover from the stress.
Web administrators, should block the following IP addresses immediately:
- 213.182.197.2
- 211.95.78.98
