I initially intended to publish this as a note, but Facebook would not allow it to be published on account of the word redbuddy.be in the text, so here it is. In a way it is better as I have more freedom and less limitations on my own blog, besides more folks can benefit from it.
The concerned link is www.redbuddy.be which is hosted in China. The site appears to have been registered just two days back. On Googling the issue a lot of other domain names turn up which have probably been used in the past for phishing like Dynasale.be, Brunga.at, Areps.at, ponbon.im, 151.im, check151.im, junglemix.in, fblight.com, fbstarter.com, fbaction.net, bestfunger.com
It all started when I received a message in my Facebook Inbox on Sunday morning from a good friend of mine, with Hi in the Subject line and Look at redbuddy dot be as the body. It was probably sent by a bot using his username and password (after he logged into the fake Facebook page -which captured his username and password) to the maximum number of friends that Facebook allows you to send a message to. I was a bit surprised that he had not attached any description of any sort about the site and also the . (period) written as dot suspiciously as if to evade detection if Facebook was scanning for messages which had redbuddy.be in the message body (Which turned out to be true)
Luckily for me, even if I would have detected the fake page, Firefox blocked the site and showed me its little red screen informing me that it was a dangerous site. Clicking on ignore this warning presented me with a login page that resembled Facebooks colour theme! Note the Phishing URL marked in Red. Instead of facebook.com, it says redfunger.com.
Fake Face Book Login Page
So, if you receive this or any other new Web address in a Facebook Message be on your guard as the names of the websites would keep changing! The very fact that Facebook wants you to login again even though you are already logged in should put you on your guard! Usually web sites will ask you for your password again only when you want to change your existing password unless you are using an Internet Banking site and making a transaction or editing personal information on such or similar services.
If you have already logged in to the fake page, change your password immediately! Clean the temporary files on your computer and update and run a properly licensed and updated antivirus and anti spyware scan. Among the free ones, Avira Antivir personal edition is very good. If you are still using Internet Explorer, download and install Mozilla Firefox from www.firefox.com -It is faster, safer and free! It also helps if you have not upgraded Windows. For example I have a Windows 2000 server in office which is well -obsolete! It won’t let me upgrade to the latest and more secure Internet Explorer 8! In such cases there is no option but to go for something good, free and secure such as Firefox! If you have an unlicensed copy of Windows -maybe at your foolish employer’s discretion -be aware that you are not getting all the security updates -so once again, protect yourself on the web and go for Firefox!
This time there was a new phishing attempt on Facebook and Firefox did not block it, so I had the privilege of reporting it to Google 
Reporting a Web Forgery in Firefox
Here is the same site in Firefox half an hour later after I reported it.
Some links on Phishing and how to guard yourself from these kind of attacks:
If you would like to make a comment, please fill out the form below.
