Till now, the Facebook social network has been an overall pleasant user experience for most users, especially if they’ve come over from the social spamming barrage common on MySpace.
Aside from being hit with 100 friend add requests from strangers and another 500 application invites, Facebook is a manageable social platform, especially since their moderation filters block out users who sent out a large volume of private messages and the number of friend add requests are capped each day. (Although it’s common to see innocents get caught in the crossfire).
So it was a pretty rare occurrence to see this on a friend’s wall (the defacto “bulletin board” for facebook users to send and receive public messages).
Given that most accounts have to go through some level of verification and you have to manually add friends (who then can post messages on your wall), I was curious to see what the message was about.
So heading over to the blogspot page, I saw:
Which is a little weird to see a Facebook login page on a blogspot domain?
Not really, until you see that the blogspot page does a URL redirect to a third party domain.
I would assume that entering your Facebook login details will parse your login name and password into a third party database (high probability that they will not have good intentions for your account).
So what mayhem can someone wreak with your hijacked account?
If you’re running Facebook ads, they could possibly run advertising on your dime.
They could also go on to spam marketing messages on other users walls.
If left unchecked, this could seriously degrade the quality of the Facebook network.
I doubt that there will be much damage done, given that Zuckerberg’s admin team keeps a tight rein on the walled gardens of Facebook.
However, losing access to your network of friends and contacts can have incur quite a bit of time to rebuild your network. Worst still, it could negatively affect any personal or business relationships you might have with your friends.
If anything, I’d check the address bar to verify domains before keying in account login information.
Forewarned is forearmed.