Yesterday we wrote about the fbaction.net phishing scheme. As of today the site has been blocked but now a new site is replacing the old version and it’s called fbstarter.com. Apparently the spammers are pretty aggressive in their campaign to get Facebook users’ email addresses and passwords. While Facebook is going after the spammers, this most recent set of spammers appears to be quick to set up new sites.
We’re guessing that this site will be down just as quickly as the last one but it’s no doubt a serious issue for Facebook. Facebook has had a number of ongoing spam battles including spam applications and the recent Koobface virus which was eventually defeated thanks to the help of Microsoft. There’s no public estimates of how many users have been affected by these phishing scams but with the number of emails we’ve been receiving, I’d guess it has to be in the millions.
This scam is not much different than the last which leads us to believe it’s the same person. I ran a couple tests to see if we could figure out if the source was the same. The two domains fbaction.net and fbstarter.com appear to be registered with different companies but that’s about all we know. When I ran an “nslookup” command, fbaction.net returned no valid response.
The current scam appears to be hosted in Latvia and the previous domain referenced an easter European location as well so there’s a very good chance the two are linked. Aside from that we have no further information on this latest scam. Make sure not to click on links to “fbstarter.com”!