The name of the website will change, for example, it may change to "album88.com", "album32.com", "album99.com", "album92.com" and so on. The word "album" remains constant but the number changes.
Here is a message that was taken from one of the e-mails:
"go to album32.com and search 'had my name', then click on first photo. I bet you didn't remember that, eh?"
The album*.com websites are redirects that go to the following Facebook page:
- http://www.facebook.com .login.php-profile -signin-gkmeydlw.ihtts.com/index.php?s=dot.
This is where the phishing (the stealing of your information) takes place. The phishing website is not located at facebook.com, but instead at the website: ihtts.com.
Do not let the domain name or website address fool you. It was crafted to trick you into believing that you are on facebook.com.
For more information about the carefully crafted malicious domain name or website address (domain hack), click here.
Please login to your Facebook account at all times by going directly to www.facebook.com in your browser.
Open your web browser and type "www.facebook.com" and press the "Enter" key or the click the "Go" button. This will always ensure that you are on www.facebook.com and not some fake website impersonating Facebook, in an effort to steal your username and password.
If you are already logged into Facebook, click on a link and is redirected to another web page that asks you to log in with your Facebook username and password, please DO NOT login. Once you are currently logged into Facebook, you should not be asked to log in again unless you have logged out.
If you have logged into any of above websites with your Facebook username and password, please change your password immediately.