Miley Cyrus sex tape is bait for Facebook phishing

Graham Cluley
Graham Cluley
@[email protected]

Miley Cyrus sex tape is bait for Facebook phishing

Watch out for messages like the following which are popping up on Facebook:

Omg Miley Cyrus sex tape[LINK]

Miley Cyrus sex tape

They are, in fact, leading users to a phishing website which hopes that you’ll be so excited about the prospect of seeing a sex tape of the Hannah Montana singing sensation that you won’t notice that you’re being asked to log in to a rudimentary fake copy of Facebook’s front page:

Facebook phishing website. Click for larger version

We all like to think that we’re too smart to fall for a trick like this, but the truth is that you only need to be careless once for the hackers to be successful.

Sign up to our free newsletter.
Security news, advice, and tips.

Identity thieves are keen to gain control of your social networking accounts – as they can use them to steal information about you, trick others into scams, and spread spam and malware campaigns from your account.

At least some of the messages appear to be being published from legitimate Facebook users’ accounts, but it isn’t clear presently how they were compromised. If you find your Facebook account has been posting messages unexpectedly about a Miley Cyrus sex tape, change your password, revoke the rights of any unknown applications to access your profile, and ensure that all references to the sex video are removed from your news feed.

What’s interesting is that this latest wave of spam messages say they were posted “via Email”.

That’s the facility Facebook supplies to post status updates to your Facebook page remotely, just by sending an email to a unique address (every Facebook account has a specific email address for this purpose).

Upload email

It’s possible that the facility has been compromised, and spammers have found a way to update users’ statuses of users by sending an email message directly to their Facebook walls.

Be sure to warn your friends about phishing scams like this and teach them not to trust every link that appears in front of them.

Take care folks.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.