Already hit? Check out this guide to what to do now.
Looks like claims to have cleaned up the Facebook 151.im worm were a bit premature. I’ve gotten three more offers to check scam sites in the past few hours, including to Kirgo.at, nutpic.at, and brunga.at. It looks like the phishers have changed from the Isle of Man’s .im domain to Austria’s .at. I’d still pick the former this time of year.
Most of what I wrote about the Facebook virus previously still applies, although it looks like the bad guys’ servers are having trouble handling all the images, which will hopefully slow down the number of people falling for the trick.
One way to make sure that it's the real Facebook site you're logging in to? Simply put a made-up e-mail and password into the login page. The phishing sites have been putting out a "502 Bad Gateway" error, while the real Facebook would ask you to try again. Note that this is not a 100% foolproof method (check the address bar!), but few phishers, particularly for a scheme like this, are likely to go through the trouble of a complicated input verification scheme.

Further Reading:
- What to do if you get hit by the Facebook brunga.at virus attack
- Facebook virus attacks continues: Check kirgo.at, nutpic.at, and brunga.at continue to lure unwary
- Facebook says "Check 121.im"; Common sense says don't
- Facebook's blog post on how to Protect Yourself Against Phishing
- Find your Facebook message history
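
The "check the address bar" advice above, written out as an added example (not part of the original post): the function decides whether a login URL's host really is facebook.com, covering the look-alike forms a quick glance can miss. The function name and sample URLs are constructed for illustration, and it assumes the login page is served over HTTPS.

```javascript
// Added example: classify a login URL by its hostname, the way a careful
// reader of the address bar would. Names and sample URLs are constructed.
const TRUSTED_DOMAIN = "facebook.com"; // the domain we expect to log in to

function checkLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not https" };
  }
  // Anything before "@" is userinfo, not the host that gets contacted.
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo in URL hides the real host" };
  }
  // URL lowercases the host for us; drop a trailing root dot if present.
  const host = url.hostname.replace(/\.$/, "");
  // Non-ASCII labels show up as punycode ("xn--") after parsing.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode (possible look-alike) host" };
  }
  // Exact match or a true subdomain; "facebook.com.brunga.at" is neither.
  if (host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN)) {
    return { ok: true, reason: "host is " + host };
  }
  return { ok: false, reason: "host is " + host + ", not " + TRUSTED_DOMAIN };
}

// Constructed samples built from the domains named in the post.
const SAMPLES = [
  "https://www.facebook.com/login.php",
  "https://www.facebook.com.brunga.at/login.php",
  "https://facebook.com@kirgo.at/login.php",
  "https://nutpic.at/facebook.com/login.php",
];
for (const s of SAMPLES) {
  const r = checkLoginUrl(s);
  console.log(r.ok ? "OK  " : "STOP", s, "(" + r.reason + ")");
}
```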