Robert's Blog

Facebook, IM (chat) and IRC Phishing

Posted in Uncategorized by mrob27 on 2010.04.27

2010 April 27th

I caught a Phacebook Phisher today! It was someone impersonating a friend and asking for my phone number.

Tell-tale signs:

  • A Chat or IM or IRC msg apparently from a friend, but saying nothing specific about them or about you
  • Writing in a generic style possibly atypical of your friend’s normal style
  • They reply to your messages with no delay
  • Urgent or repeated requests for info (like your phone #)
  • Logs out or goes offline after only a couple minutes delay on your part

How to reply:

  • Tell them to contact you by some other means which would require them knowing something specific (like their own email password), but
  • Don’t tell them that specific thing, and don’t tell them what they’re asking for via the IM or chat.

Likely Hacking Method

In this particular instance I believe the hacker got a Javascript running on my friend’s computer. The way this can happen to you is as follows:

  • You can visit a website which runs a Javascript (typically through a banner ad) that sticks around and later acts as a “chat relay”.
  • The script waits until you are in Facebook, then opens another window that is invisible (for example, hidden below the task bar)
  • Within the hidden window, it starts a Chat with any friends who are online.
  • If a friend responds, the script (running in your browser) forwards your friend’s response to the hacker (who is somewhere else on the Internet).
  • Your friend can then chat with the hacker, who impersonates you.

More details of other types of phishing are at


Comments Off on Facebook, IM (chat) and IRC Phishing

%d bloggers like this: