Since at least yesterday several Facebook Phishing scams have been going around via email and all are using a "look a like" Facebook log in page to steal a users log in details.
The domain names that have been used in the phishing scam the most are Kromked.net, Fbstarter.com and Fbaction.net .
UPDATE: You can add the domain: hrunixar.com to the list above also.. the latest as 4-30-2009 …. This one registered at PAKNIC and using the same DNS as the others as stated below.
Do not click on or try logging in if you get an email from any of those domain names.
All three domain names have been created within the past couple days according to Whois.
Kromked.net and Fbaction.net were both registered with the domain name registrar Regtime LTD and Fbstarter.com (the one going around today) was registered Today and registered at the domain registrar ALANTRON BLTD.
Although the site may "appear" to look like Facebook, graphics are Very Easy to create a look a like. You should always pay attention to hidden urls and never trust a "link" in any email. It is always safest to type a domain name directly into your browser.
I did a lot of checking to find out who these people are, but only found one thing in common.. they use free hosting and the servers freedns.ws mostly. Whois Registrant info was nearly always different, but the most common name used that I could tell according to Whois is:
Gano Marleau
4604 Duke Street
Montreal, QC H3C 5K4
CA
This was the the name used most due to trails of "other" domains used in email address like, FBSTARTER.com lead to SEOSTUDIO.at which lead to BRONZEMAIL.NET & INTERLAYER.NET with the last two having the above registrant name used.
Since mostly different names were used, it’s not always easy to track scammers, so that could also be a false name used above.
Either way, it’s always best to only visit any domain name directly by direct navigation. Use whois.sc to find out who owns a domain name. Be sure to check Creation Dates on domain registration as many scammers will use a domain name that was just registered.
Pommy Singh
I am sick of getting emails from supposed social networking groups. These seem to be more dangerous as they use similar sounding domain names to fool people…
Reece Berg
Thanks for the heads-up Jamie. With how many people saying they’ve had domains stolen lately, I don’t both clicking links in any emails anymore — can never be too safe