Facebook and Phishing: The New Social Frontier
With the holidays approaching, it’s not always all about cheer and goodwill. Crime tends to peak during the holidays and cyber crime is included.
Facebook currently has over 1.44 billion users. It’s no surprise that cyber criminals are using this popular social networking service as a gateway to identity theft. An incredibly popular method called ‘phishing’ is a common way for these thieves to trick you in order to gain your personal and financial information. It’s so common that with a simple google search, one can find step by step guides on how to hack Facebook accounts using phishing methods.
So what is phishing and how is it done? To put it simply, phishing is where users are directed to enter details into a fake website that looks and feels like the legitimate one. Basically, these cyber criminals goals are to get you to login to your fake login page and the criminal then successfully gets the Facebook email and password.
Nearly all cyber crime comes from some sort of phishing. National Counterintelligence Executive William Evanina said in a recent interview with the Washington Examiner, “We’ve looked at all of these intrusions and exploitation of personally identifiable information over the years, both government and private sector, and just about 90% of them either started with or were enhanced by a spear phishing success.”
Recently, a colleague shared an experience he had on Facebook. He had received a friend request from someone who he thought he was already friends with. He assumed that maybe his friend had accidentally removed him and was re-adding him. After some small talk, my colleague’s friend sent him a message with a link that said “Hey, have you checked this link out?”
My colleague had an odd feeling at this point. In conjunction with the unique scenario and the poor spelling, he realized something was not right. He then asked his friend “Hey, how exactly do we know one another?” The friend responded but brushed the question aside, “We’ve been friends forever.” After a little more back and forth, the friend refused to share details on their friendship. My colleague successfully avoided this likely phishing attack. Had he clicked on that link, he would’ve been asked for his password, and had he entered it, he would’ve had a problem on his hands.
These phishing attacks can come in many forms. It may look like Facebook is emailing you about a photo violation or maybe a friend is sending you a holiday e-card. Warning bells should go off immediately if it links you to a website and asks you for your password. Odd spelling and a poor use of English is also a dead giveaway when it comes to cyber crime.
Facebook addresses how to keep your account safe with the following tips:
- Protect your password. Use a combination of at least 6 letters, numbers and punctuation marks. Avoid including your name or common words. Your password should be difficult to guess. Don’t use your Facebook password anywhere else online and never share your password.
- Never share your login information (ex: email address and password). Sometimes people or Pages will promise you something (ex: free poker chips) if you share your login info with them. If you’re ever asked to re-enter your password on Facebook (ex: you’re making changes to your account settings) check to make sure facebook.com is still in the URL (web address).
- Log out of Facebook when you use a computer you share with other people. If you forget, you can log out remotely.
- Don’t accept friend requests from people you don’t know. Sometimes scammers will create fake accounts to friend people. Becoming friends with scammers might allow them to spam your Timeline, tag you in posts and send you malicious messages. Your real friends might also end up being targeted.
- Never click suspicious links, even if they come from a friend or a company you know. This includes links sent on Facebook (ex: in posts) or in emails. If one of your friends clicks a spam link, they could accidentally send you or tag you in spam. If you see something suspicious on Facebook, report it. You also shouldn’t download things (ex: a .exe file) if you aren’t sure what they are.
- Watch out for fake Pages and apps/games. Be suspicious of Pages promoting offers that are too good to be true. If in doubt, check to see if a Page is verified. Be mindful when you install new apps or games. Sometimes scammers use bad apps and games to gain access to your Facebook account.
- Log in at www.facebook.com. Sometimes scammers will set up a fake page to look like a Facebook login page, hoping to get you to enter your email address and password. Make sure that you check the page’s URL before you enter your login info. When in doubt, you can always type facebook.com into your browser to get back to the real Facebook.
- Update your browser. The newest versions of internet browsers have built-in security protection. For example, they might be able to warn you if you’re about to go to a suspected phishing website. Facebook supports: Mozilla Firefox, Safari, Google Chrome, and Internet Explorer.
- Run antivirus software. To protect yourself from viruses and malware, scan your computer.
Axiom Cyber Solutions is offering Cyber-Security Protection for Small Business starting as low as $199 per month. We realize that most small businesses do not have a dedicated IT team and business owners may be handling their cyber security matters on their own. Let us take over and provide you with peace of mind. Axiom will provide your business a firewall and manage it so you don’t have to worry about securing your business. We will assess the security risks for your business and will help implement the right cyber security service for your business.
Axiom’s solutions come in different sizes and all our solutions are designed to deal with the attack vectors of today while being adaptive and flexible enough to continue to secure your network for years to come. For more information, check out our website at axiomcyber.com or give us a call us at (800) 519-5070. #FightBackWithAxiom