Facebook “Fishing”?
While we’re still trying to wrap our heads around all of the new Facebook features announced at the recent F8 conference, one thing that has caught our attention in a negative way is the potential for phishing. The new Facebook “Like” features are pretty cool, and it’s even more cool how you can deploy these across websites, blog posts, etc. As you can see in the image we’ve integrated this new feature into the Covenant website. So when you’re logged into Facebook you’ll see all of the friends who have “liked” that particular page or piece of content – but when you’re not logged in, you’ll see something like the image below.
So what’s the big deal? Well, what’s to keep hackers, phishers, and other ne’er-do-wells from creating a pop-up window that looks exactly like Facebook’s window? Once you enter your username and password, they would have all the info they need to comprise your identity on Facebook. You’d be able to tell by looking at the URL, but for the average user who doesn’t know enough nor care enough to pay attention to the URL, this could be a very dangerous issue.
Plus why doesn’t Facebook use a secure URL instead of just an open one?
Maybe we’re making mountains out of mole hills, but it sure does seem like this is prime phishing grounds for those who seek to pray on the unsuspecting.
