Facebook phishing scam: hey, do you remember this photo?

A new scam on Facebook is trying to steal your account credentials. Never re-enter your e-mail address and password without first checking that you are indeed on facebook.com.

Facebook scammers are exploiting ignorant victims curious enough to blindly click a link that they think leads them to a photo they've once seen before. There is no such photo, but the scammers do instead manage to steal your e-mail address and password for logging into Facebook.

This version says something like "hey, do you remember this photo?" or "Can you remember this photo?" or "Remember this photo?" followed by a fraudulent link. Here's how Facecrooks describes what happens next:

The scam message will be accompanied by a bit.ly or other link of some kind. Clicking on any of them will take you a page designed to look like the Facebook login page. Users who let their guard down or who aren’t paying careful attention, may not notice they have been redirected to a scam site. Obviously, if you login on this screen, the scammers can gain total access to your account.

Facebook has said before that it it will never request your password over email but will sometimes prompt to re-enter it on the website. The trouble here is that users aren't checking that they are still on Facebook. Just because it looks like Facebook, doesn't mean it is: check the URL in the address bar at the top of your browser.

As a general word of caution, don't click on everything your Facebook friends share on the social network. If you see a scam like this one, report it. Then go check your Messages and Wall to make sure you're not spreading the scam; the sooner you clean it up and Unlike any relevant Pages, the better. You can also contact Facebook Security if you'd like to.

See also: