How did it all start?
So there I was on a lonely Thursday evening, trying to do something if not cultural, at least interesting. I couldn’t find anything and I ended up on my Facebook news feed and here’s what I saw:
I honestly don’t know the girl who posted that message nor do I keep in close contact with the person who had this thing posted on her wall. I did, however, feel like something was wrong. Therefore, I clicked on the link, using any bulletproof browser like... well, anything else except Internet Explorer. In my case, Mozilla. And I got to the following screen:
Well, that was pretty expected. I don’t know, however, who would attempt to hijack some Facebook accounts. My best bet goes towards some Farmville or Mafia Wars maniacs but I am not naming any names yet. So, anyway, since I’m not afraid of getting any virus/malware/whatever (yeah, I’m that cool), I ignored the warning.
How to tell if you’re in the course of a forgery?
First of all, it’s obvious I didn’t fill out that form. I did, however, go this far in order to show you how to easily detect spoofing. If you haven’t realized this so far, spoofing is the term used for a web page which has the same design as one of your usual login pages but whose sole purpose is to steal your account info. Spoofing can occur on any type of web site that deals with data: internet banking, e-mail, social media and so on.
Therefore, let’s go back to the screenshot. The first thing that should alert you is that big thick red bar right under your tabs. It only appears there if you’re using Mozilla, and my guess is that if you’re using Mozilla, you wouldn’t need me to point out the other two clues:
- That’s not a facebook address. Period. Whenever you enter any personal information into any forms on the internet, always check if the domain you are sending the info to is the one you expect it to be. Well, not on any form. Nobody really cares to steal e-mails from the e-mail newsletter service but that’s a whole other thing.
- Facebook without full language support? Come on, the guys have 300 million user accounts worldwide, and you expect them to show question marks ( ???????? ) instead of the actual Japanese or Chinese characters?
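The domain check from the first clue, written out as an added example (not part of the original post). It compares both the page address and the place the login form would send your data against the domain you expect; the function names and every sample address are constructed for illustration.

```javascript
// Added example: does this login page, and the form on it, really belong to
// the expected site? EXPECTED_DOMAIN and all sample URLs are constructed.
const EXPECTED_DOMAIN = "facebook.com";

// True only if host is the expected domain itself or a subdomain of it.
// "facebook.com.login.example" and "notfacebook.com" must both fail.
function hostBelongsTo(host, expected) {
  const h = host.toLowerCase().replace(/\.$/, ""); // drop a trailing root dot
  return h === expected || h.endsWith("." + expected);
}

// pageUrl: what the address bar shows.
// formAction: the form's action attribute (may be relative or empty).
function checkLoginForm(pageUrl, formAction, expected = EXPECTED_DOMAIN) {
  let page, target;
  try {
    page = new URL(pageUrl);
    // An empty or relative action is resolved against the page itself.
    target = new URL(formAction || pageUrl, page);
  } catch (e) {
    return { ok: false, reasons: ["unparseable URL"] };
  }
  const reasons = [];
  if (!hostBelongsTo(page.hostname, expected))
    reasons.push(`page host ${page.hostname} is not ${expected}`);
  if (!hostBelongsTo(target.hostname, expected))
    reasons.push(`form sends data to ${target.hostname}, not ${expected}`);
  if (page.username || target.username)
    reasons.push("URL has a user@ part in front of the real host");
  return { ok: reasons.length === 0, reasons };
}

// Constructed samples: [address bar, form action]
const samples = [
  ["https://www.facebook.com/login.php", "/login.php"],
  ["http://facebook.com.login.example/", "login.php"],
  ["http://facebook.com@login.example/", ""],
  ["https://www.facebook.com/login.php", "http://collector.example/save.php"],
];
for (const [pageUrl, action] of samples) {
  const r = checkLoginForm(pageUrl, action);
  console.log(r.ok ? "OK     " : "SPOOFED", pageUrl, r.reasons.join("; "));
}
```

Only the first sample passes; the last one shows why the address bar alone is not enough when the form itself posts somewhere else.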
What to do if things went too far?
Basically, if your account has been compromised, there is only one thing you can do except praying: changing your password. If you don’t do that, you will never be able to sleep peacefully. Nightmares will haunt you and by the time you wake up, compromising stuff will be posted from your account to your friends’ walls.
If your password has already been reset, you should immediately reset the password yourself, with the help of the e-mail that you have registered your Facebook account with. If you don’t have access to that account anymore, my suggestion is to contact Facebook in order to resolve the problem.
Conclusion
That would be about it. This has not been the first or the last guide against spoofing but there is always a lack of tutorials on this theme. Surf safe and don’t do drugs!



