SCAM WATCH | fbstarter.com Steals Facebook Users’ Passwords

Phishers steal personal information

Reports have been flooding in about phishing site fbstarter.com. The dummy web site poses as a Facebook login page to get users to type in their usernames and passwords.

We all know that online scams set to steal personal information such as passwords are the first step on the road to identity theft.

Phishers keep changing lure

You may recall just a couple of days ago when fbaction.net pulled exactly the same password-stealing scheme. Therein lies the problem. Facebook blocked fbaction.net and it has blocked fbstarter.com, but these scams were likely conducted by the same people.

That means these phishers are changing their scheme slightly and launching new attacks after one is thwarted.

Could be harmless — or not

The phishing scam is widely reported to be harmless. After all, fbstarter.com doesn’t ask for credit card information or account numbers so fraudsters could take out payday loans in your name. It just takes your user information so it can send annoying fraudulent messages to others that will bring them to fb starter.

However, if you use the same username and password on your Facebook page as you do to login to your bank account or pay your credit card bill, who knows what could happen?

What to watch for

This little scam works like this: You get an e-mail saying that you’ve got a message on Facebook. There’s a link so you can look at it. You click the link and it sends you to the dummy page, fb starter, which looks just like a Facebook login page. You attempt to login and voila, phishers have your password.

One man reported that he got a message from a person that he hadn’t spoken to or gotten a message from for years. The message said something generic like “Look at this!” and had a link. Sure enough, it sent him to fbstarter.com.

More warning signs

If you get messages from unlikely sources or overly generic messages with links, that’s a huge red flag. And as these scammers fine-tune their scheme, my advice would be to type www.facebook.com into the address bar any time you want to check your page.

If you do click on any Facebook-related links, make sure you check the address bar and confirm that facebook.com is where you are — not fbstarter.com, fbaction.net or any other ripoff address. If Facebook normally fills in your username for you but it comes up blank, get out of there.

Identity theft

Mashable reports:

There is no malicious payload with the attack, it seems: no virus is downloaded or any other nasties: it’s simply a huge nuisance for Facebook users.

However, with all of the cross-pollination I do with my passwords, I certainly don’t feel comfortable with the phishers behind fbaction.com and fbstarter.com having my password. A report from the national credit bureaus says 9 million Americans get their identity stolen every year. So pay attention and don’t become a victim.