
SANS ISC: Lightweight Facebook social engineering scam - SANS Internet Storm Center SANS ISC InfoSec Forums

Lightweight Facebook social engineering scam

We've gotten reports (thanks to Steve, who first reported it) of Facebook users receiving messages indicating that their photos have been stolen and posted to a different site ( and When you go to the sites, they request a name, email and password and then show you a picture of a monkey as a joke. However, if you enter your Facebook account info, all your friends are sent the following message:

"Have been uploading your pics on blinksnap-com-go there

Has anyone informed you your photos are on cheepfry-com-go there" 

This doesn't have to be a huge threat. It's only an issue if you are silly enough to provide it with meaningful credentials, if you reply at all. Please, folks, remember to use unique credentials and don't give away your username/password.

UPDATE: Jeff pointed out that many/most of the sites that are connected to this scam seem to be using an IFRAME pointing at and most of the sites are resolving to a single IP address -


Dec 29th 2008
Here is another site as well:

"Are you aware that your pictures are on thumprush-com-check it out"

To see your Wall or to write on Kylie's Wall, follow the link below:

The Facebook Team
