Tuesday, May 7, 2013
Beware of social engineering phishing attacks on Facebook
Tuesday, May 7, 2013 by Unknown
Phishing attacks are one of the most common scams on Facebook. The goal of these scams is to obtain your Facebook user name and password. If successful, the scammers can totally take over your Facebook account and use it to spread more spam and scams to your friends. They can also mine everyone in your network for data they can later use for identity theft or other socially engineered attacks.
Here are some examples of popular phishing schemes on Facebook:
- Facebook Lottery – You’re likely to receive an email stating you’ve won a sum of money. These can also be advanced fee scams.
- Confirm Your Account – Any messages asking you to confirm your account should be viewed with extreme suspicion. If you receive an email like this, don’t follow any links. A better option is to log in to Facebook directly.
- Violated a Policy – Hacked accounts often send messages posing as ‘Facebook Security.’ If you encounter one of these scams, you’ll notice that Facebook Security will be spelled with non-traditional characters. This is done to bypass Facebook’s filters.
- Photos & Videos – The scammers attempt to capitalize on our curious nature. You will receive a message from a compromised friend’s account asking you to look at this photo or video. A popular theme is to say the picture is embarrassing or they can’t believe you did that, etc. Other variants of this scam contain files laden with malware.
Almost all of these scams direct you through external links to pages designed to look like Facebook. Before logging in to any site, always verify that you are indeed on the main site. Careless and unsuspecting users are often fooled by these tricks.
Below is one example of the photo phishing scheme mentioned above.
“do you notice that they were rrecording u lol this is unpleasant lol !!”
Other Alternate Messages:
Is this you in this video on facebook, what are you doing LOL? Search on this website for your name
HAHAHAHAHA i can not believe whaat you did in thisss videeo it’s sooo stupid its all overfacebook! Coooopy and Paaaste the url below into your web browser to seeeee , its craazy!Removeee thee Spaces —>
OMG have u seen ur video on here. u should check this out!
Clicking on the link in the scam post will at first direct the user to a Facebook application and then ultimately to a phishing URL.
Scams like this are very common on the Facebook platform. Humans are curious by nature, and the scammers often use this and other emotions to their advantage. Also consider that these messages or updates may come from a friend’s hacked account. Don’t assume any links or messages are legitimate just because they came from a friend. In fact, if you receive them via Facebook chat or message, then there is a good chance that your friend’s account has been compromised. Double check your friends list and remove or block any name that looks suspicious (awkward and non-traditional spellings of Facebook Security, Account Confirmation, etc.).
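The check for awkward spellings of names such as Facebook Security can be automated. The following is an added example, not code from the original post: it reduces a display name to a comparable form and flags names that match a protected name only after de-obfuscation. The character map, the function names and the sample names are constructed assumptions, and the map is not exhaustive.

```python
import unicodedata

# Names the article says scammers imitate.
PROTECTED = ("facebook security", "account confirmation")

# Constructed, non-exhaustive map of look-alikes that Unicode normalization
# does not fold: Cyrillic/Greek letters and digit/symbol swaps. "1", "!" and
# "|" map to "i" because that is the letter they replace in these names.
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0441": "c",
    "\u0440": "p", "\u0443": "y", "\u0455": "s", "\u0456": "i",
    "\u03bf": "o", "\u03b1": "a",
    "0": "o", "3": "e", "5": "s", "@": "a", "$": "s",
    "1": "i", "!": "i", "|": "i",
})


def skeleton(name):
    """Reduce a display name to a comparable letters-only form."""
    # NFKD folds fullwidth and styled letters and splits accents off.
    text = unicodedata.normalize("NFKD", name).casefold()
    text = text.translate(CONFUSABLES)
    # Dropping non-alphanumerics removes accents, zero-width characters
    # and separators such as "F.a.c.e.b.o.o.k".
    return "".join(ch for ch in text if ch.isalnum())


def classify(name):
    """Return 'lookalike', 'plain' or None for a sender display name."""
    plain = "".join(name.casefold().split())
    skel = skeleton(name)
    for target in PROTECTED:
        compact = target.replace(" ", "")
        if compact in plain:
            return "plain"      # spelled normally; ordinary filters see it
        if compact in skel:
            return "lookalike"  # matches only after de-obfuscation
    return None


if __name__ == "__main__":
    samples = [  # constructed sample display names
        "Faceb00k Security",
        "F\u0430ceb\u043e\u043ek S\u0435curity",  # Cyrillic a, o, e
        "Facebook Security",
        "Jane Doe",
    ]
    for s in samples:
        print(ascii(s), "->", classify(s))
```

A "lookalike" result means the name only resembles a protected name once substitutions are undone, which is the pattern the article describes for bypassing filters.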
Never enter your login information when a web page redirects you without first double checking to make sure you are on the legitimate site. A better option is to bookmark Facebook, and only log in from there.