Phishing is big business for cyber criminals. They create emails, links and web pages designed to look wholly credible — usually by falsely assuming the identity of a reputable source — that prompt unsuspecting users to share sensitive personal data as a gateway to these criminals scoring a payday.
Just how big is this threat? According to research by Kaspersky Lab, 22 percent of phishing scams on the web target Facebook, and phishing sites imitating social network websites comprised over 35 percent of all cases in which Kaspersky Lab security products’ anti-phishing components are triggered. Kaspersky has recorded over 600 million attempts by users of Kaspersky products to access phishing sites — and there are over 20,000 incidents every day in which users of Kaspersky Lab products try to click through on links that lead to fake Facebook pages.
On the surface it might seem like an attacker would have little to gain by getting access to someone’s Facebook account, but the social media platform is a means to an end. Because people are more likely to trust a message from one of their Facebook friends, they are more likely to click on suspicious links or to open questionable emails from a friend or organization they are connected to on Facebook than they would if the email appeared to come directly from, say, a bank.
But another big reason attackers want access to your Facebook credentials is to hijack your account for a ransom, or to sell your hijacked account to a third party that can then use it to send spam to your friends and other Facebook users, because sending spam from real accounts works better for cyber criminals than setting up false accounts.
So how can you avoid falling prey to fake Facebook messages? Kaspersky Lab recommends taking the following precautions if you receive any email notification that appears to be from Facebook and asks you to enter your login credentials in order to access the content of the email. Keep in mind these emails can be invitations to access content or warnings that you must take action in order to prevent some sort of punitive action, like loss of access to your account:
1. Pay attention to whether the site’s connection is secure — if the URL appears correct but it isn’t preceded by https, it’s almost certainly not legitimate.
2. Compare the address of the sender to the address that usually appears when you get an email from this person or organization — if the two differ, it’s probably a fake.
3. Watch for spelling errors or other telltale signs of a phishing scam. If you’re reading an email supposedly from Facebook, hover over the link you are asked to follow: if the address that appears at the bottom of your screen doesn’t show a URL with www.Facebook.com anywhere in it, it’s not legit.
4. If you are redirected to a new page when you open the message, check the URL of this page. If it isn’t in line with where you expected to be sent, leave immediately.
5. If you start to get suspicious emails or Facebook messages from your friends, notify them immediately (but not by responding to any of those suspicious messages) that their accounts have likely been hacked.
6. MOBILE USERS BEWARE: These threats are just as prevalent for mobile users, because scammers design mobile-friendly pages to achieve the same ends. What’s more, many mobile browsers hide the address bar, so it can be even more difficult for mobile users to spot scams.