The Phishing on Facebook Continues 

Jun 09, 2009 05:24 PM

Well, it looks like phishers are now focusing their efforts on Facebook. Symantec has observed that a current method of attack sends a message to a victim's Facebook account "Inbox," along with an email notification with the subject "Hello" or "Hi." The email appears to come from one of the victim's friends and includes text asking the user to visit an obscure URL. The link leads to a fake login page imitating the popular Facebook site.

Similar to last week's ".im" and ".at" domains, this time the domains used are of the type ".be". If you see a similar email or notification, do not click on any such .be, .im, or .at links, and do not enter your Facebook username and password. Attackers will try to steal your login credentials so that your account can be used to launch future attacks, making you infamous within your Facebook circle of friends for inadvertently sending that message and causing further damage.

The impact of this attack, and of previous similar attacks for that matter, has not been widespread; it affects only a small fraction of Facebook's 200 million users. However, due to the nature of these attacks, if successive attacks are launched the damage can multiply. Given the increasing popularity of social networking sites, Symantec recommends that computer users be cautious about the sensitive information and pictures they use in their profiles, and that they not use the same login credentials for multiple accounts and online services.

The phishing links that have come to light so far are the following (but of course they won’t be limited to just these):

hxxp://fbstarter.com
hxxp://fbaction.net
hxxp://121.im
hxxp://151.im
hxxp://areps.at
hxxp://brunga.at
hxxp://whiteflash.be
hxxp://goldbase.be
hxxp://sweeter.be
hxxp://bestspace.be
hxxp://orangefan.be
hxxp://dynasale.be

Most of the above domains were hosted on the same IP address, 211.95.78.98. The ISP temporarily blocked the sites it hosted last week, but some of the .be sites were still up and running until 03:30hrs IST, May 25th, 2009.

Symantec suspects that the initial attack vector was purely forged email, but once accounts had been compromised, the attacks were launched through Facebook itself. Fortunately, the team at Facebook is taking this attack very seriously, working diligently to remove messages with those dangerous links, and helping to secure any compromised accounts. If you accidentally clicked on any such links and entered your Facebook login and password, change the password on your Facebook account immediately. If it has already been changed by the miscreant (there have been reports to this effect), then you can use the "Forgot your Password" link to reset your Facebook password. If you cannot reset the password on your Facebook account at all, contact the Facebook User Operations team as suggested on the Facebook Security page: http://www.facebook.com/security.

So, what else can you do to protect yourself and your information? Always maintain a level of caution around any message that arrives from within a website or that appears to be sent by a website. If you do click a link, double-check the actual domain shown in the address bar at the top of the page. It is a best practice to type the Web address directly into your address bar rather than rely on links from a message.

1. Use complex passwords and unique ones for each site. My method? Pick one string of letters and numbers and then add the first letter from the website's name. For example: if my password "string" was "abc123$" then my Facebook password would be "Fabc123$".

2. Maintain an up-to-date browser and operating system. Use security software, such as Norton Internet Security 2009. Check out Web safety services such as Norton Safe Web, where a community of Web users collaborates to report dangerous phishing and malware sites.

3. Double-check you've arrived at your destination. When clicking over to Facebook (or any site) make a habit of looking at what appears in the address line. You might not always be able to spot a fake site, but in the case of this particular scam, it's obviously not www.facebook.com.

4. Be suspicious of requests to enter your account name and password.
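The indicator list above and tip 3 (check the host in the address bar, not just whether "facebook.com" appears somewhere in the link) both come down to one check: extract each link and compare its registrable domain against the real site and the published phishing domains. The following is an added example, not Symantec's or Facebook's own code; the sample notification text is constructed, and the two-label domain rule is a simplification (production code would consult the Public Suffix List).

```python
"""Flag links in notification text against the phishing indicators in the post.

Added illustration, not Symantec code. Domains and the IP address are the
ones published above; the sample message below is constructed for the demo.
"""
import re
from urllib.parse import urlsplit

# Indicators quoted in the post (published in defanged "hxxp" form).
KNOWN_PHISHING_DOMAINS = {
    "fbstarter.com", "fbaction.net", "121.im", "151.im", "areps.at", "brunga.at",
    "whiteflash.be", "goldbase.be", "sweeter.be", "bestspace.be",
    "orangefan.be", "dynasale.be",
}
KNOWN_PHISHING_IPS = {"211.95.78.98"}
LEGIT_DOMAIN = "facebook.com"

# Matches http://, https:// and the defanged hxxp:// form.
URL_RE = re.compile(r"\b(?:h(?:xx|tt)ps?)://[^\s<>\"']+", re.IGNORECASE)


def refang(url: str) -> str:
    """Turn a defanged hxxp:// link back into http:// so urlsplit can parse it."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def registrable_domain(host: str) -> str:
    """Last two labels of the host (simplified; real code uses the Public Suffix List).

    This is what defeats lookalikes such as www.facebook.com.whiteflash.be: the
    registrable domain is whiteflash.be, no matter what prefix the phisher adds.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_url(url: str) -> str:
    """Return 'known-phishing', 'legitimate' or 'unknown-domain' for one link."""
    host = urlsplit(refang(url)).hostname or ""
    if host in KNOWN_PHISHING_IPS or registrable_domain(host) in KNOWN_PHISHING_DOMAINS:
        return "known-phishing"
    if registrable_domain(host) == LEGIT_DOMAIN:
        return "legitimate"
    # A naive `"facebook.com" in url` test would pass lookalikes; we do not.
    return "unknown-domain"


def scan_message(text: str) -> list:
    """Extract every link in a message and classify it."""
    results = []
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,;:)")  # drop sentence punctuation glued to the link
        results.append((url, classify_url(url)))
    return results


# Constructed sample notification in the style described in the post.
SAMPLE_MESSAGE = (
    "Hi\n"
    "check this out http://www.facebook.com.whiteflash.be/login.php :)\n"
    "or hxxp://goldbase.be.\n"
    "Security page: http://www.facebook.com/security\n"
)

if __name__ == "__main__":
    for url, verdict in scan_message(SAMPLE_MESSAGE):
        print(f"{verdict:16} {url}")
```

Running it on the constructed message flags the two lookalike/known links and passes the genuine facebook.com security page; the same logic can be pointed at a mail gateway log or proxy log to find users who already clicked, which is the group that needs the password reset described above.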
