More Facebook Phishing Trouble: How to protect your account?
By Riva Richmond
Facebook has faced “a concerted phishing attack” targeting its users, according to a spokesman, but the damage “is not widespread and is only impacting a small fraction of a percent of users.”
The attack resembles malicious campaigns earlier this month, when malcontents stepped up their efforts to steal Facebook users’ login and password information, likely in order to gather personal details for identity-fraud scams. They start with Facebook messages that aim to induce users to click on a Web link. The site they visit appears to be Facebook, but in fact is not. There, they are prompted to enter their login and password and, voila, they’ve been phished. The attacker then uses their account to send their friends similar phishing emails and gather more login credentials.
The spokesman says Facebook is blocking links to new phishing sites, cleaning up phony messages and Wall posts and resetting the passwords of affected users.
“There has been a definite ramp-up of attacks on Facebook over the last several months,” says Michael Argast, an analyst at security software maker Sophos. “As the user community grows, the criminal community sees an opportunity to make money.”
The latest attacks don’t typically drop malicious code onto Facebook users’ computers, like a virus or worm would, though that could certainly change. Rather, the purpose seems to be to mine the rich personal data in people’s profile pages, which is useful in identity theft. Facebook also believes attackers are using the Facebook login names – which are email addresses – and passwords they gather to try to break into Web-based email accounts, since many people use the same passwords for multiple accounts.
According to Mr. Argast, the attacks may also be tied to recently seen scams in which crooks who have taken over a user’s account impersonate him and post messages about needing money to get out of a pinch in some far-away country. Good friends have wired thousands of dollars to their supposed friend in need.
Facebook offers these rules of thumb to avoid trouble:
- Use an up-to-date browser that features an anti-phishing black list, such as Internet Explorer 8 or Firefox 3.0.10.
- Use different login names and passwords for each of the Web sites you use.
- If you’re prompted to log into Facebook, make sure the address bar shows the facebook.com domain. If it doesn’t, you may be looking at a fake.
- Be suspicious of any message, post or link on Facebook that looks sketchy or requires you to type in a login and password.
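
The address-bar rule above is stricter than it sounds: the text "facebook.com" can appear in a link without the link leading to Facebook. The following is an added example, not part of the original article, that parses a link the way a browser does and checks the host that would actually receive the login; the function name `checkLoginUrl` and the sample links are constructed for illustration.

```javascript
// Added example, not from the article. The sample links are constructed;
// every look-alike host uses the reserved .example TLD.
const TRUSTED_DOMAIN = "facebook.com";

// Parse the link the way a browser does and report the host that will
// actually receive the login form, plus whether it belongs to facebook.com.
function checkLoginUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (err) {
    return { host: null, trusted: false }; // unparseable: never trust
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { host: null, trusted: false }; // not a Web page address
  }
  // hostname is already lower-cased by the parser; drop a trailing root dot.
  const host = url.hostname.replace(/\.$/, "");
  // Exact match or a true subdomain. The leading dot in the suffix test
  // rejects hosts that merely end in the letters "facebook.com".
  const trusted =
    host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN);
  return { host, trusted };
}

const samples = [
  "https://www.facebook.com/login.php",                    // genuine
  "http://www.facebook.com.login-check.example/login.php", // name used as a prefix
  "http://www.facebook.com@login-check.example/login.php", // name placed before "@"
  "http://login-check.example/facebook.com/login.php",     // name placed in the path
];
for (const link of samples) {
  const { host, trusted } = checkLoginUrl(link);
  console.log(trusted ? "OK  " : "FAKE", host, "<-", link);
}
```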