KaKoo

A Facebook phishing attack is on the loose this weekend — the third widespread attack on the site in the past three weeks. The attack attempts to steal your Facebook login credentials, install malware on your computer and even get your home address.

The attack is spread via a “hilarious video” posted to Facebook walls, reports WebSense. When clicked, a form appears requesting your Facebook login.

The attack then returns you to Facebook, installs an app called “Media Player HD,” and asks you to download the “FLV player” — doing so installs malware on your machine. It gets worse: Depending on your location, you may also be presented with a contest to win an iPad … if you just enter your home address.

To avoid getting caught, simply remove the “hilarious video” if you find it on your FacebookFacebook wall. If you see it elsewhere on Facebook, don’t click it … and of course remember the obvious rule: Don’t enter your Facebook login anywhere other than Facebook.com.

If you already fell for the attack, change your Facebook password, uninstall the Facebook app (often called “Media Player HD”), and run a virus/malware scan on your computer.

The video below, courtesy of Websense, explains the attack.

---

For more social media coverage, follow Mashable Social Media on TwitterTwitter or become a fan on Facebook

---

New research from Kaspersky Lab shows that the number of phishing attacks on social networks has increased in the first quarter of 2010, especially at Facebook, the fourth most popular online target.

The primary target is PayPal, the victim of more than half (52.2%) of all phishing attacks. eBay is the second most targeted organization at 13.3% and HSBC rounds out the top three with a 7.8% share. The report also revealed that links to phishing sites appear in 0.57% of all mail traffic.

Facebook’s presence on the top 10 list — it is the target of 5.7% of attacks — comes as no surprise given the string of widely publicized phishing attacks in recent months. Most recently, board member Jim Breyer saw his account compromised in a phishing attack that was perpetuated via a misleading Facebook event invitation.

What’s even more remarkable, however, is that Facebook is a more popular target than GoogleGoogle and the IRS. Google ranks fifth on the list of organizations, accounting for 3.1% of the phishing pie, while the IRS attracts 2.2% of attacks.

The full report looks at both phishing attacks and spam. There’s good news on the spam front, as the volume of spam has stabilized. “The saturation of the spam market has led to a halt in the growth of the volume of unwanted emails in mail traffic, having stabilized at around 85.2% in the first quarter of 2010,” the report said.

Image courtesy of iStockphotoiStockphoto, Antagain

Twitter users are reporting a new attempt to extract their usernames and passwords — a Direct Message attack that asks “You’re on here?” with a link. Others report DMs linking to a site called “mhansenhome” with the message “someone posted on their blog about you.”

The advice is straightforward: If you get such a message on Twitter, DO NOT click the link or enter your login details on the landing page. If you find you’re sending out these DMs to friends, change your TwitterTwitter password.

Twitter recently took steps to combat phishing by introducing its Twt.tl URL shortener — links sent via DM now appear as “‘twt.tl” links in your e-mail notifications, allowing Twitter to re-route malicious links to a warning page in some cases.