According to Kaspersky Labs statistics, in Q1 2014 fake sites imitating Facebook accounted for 11 per cent of all instances when the heuristic anti-phishing component was triggered. Only fake Yahoo! pages sparked more phishing alerts, leaving Facebook the prime target among social networking sites.
However, it’s not only Facebook accounts that are at risk here, there is also the issue of stepping stone attacks. By getting their hands on a victims Facebook login details and password, cyber criminals are then able to use this data to access victims accounts on other sites, for which they use the same login details. This demonstrates why it’s so important to have separate passwords for each account.
Todays Facebook fakery is a global business, with cybercriminals attacking the site in a variety of languages: English, French, German, Portuguese, Italian, Turkish, Arabic and others.
Unauthorised access to accounts in Facebook or any other social network can be used to spread phishing links or malware. Cybercriminals also use stolen accounts to send spam to the victims contact lists and publish spam on their friends walls or to spread messages asking their friends to send urgent financial assistance. Hijacked accounts can also be used to collect information on individuals for use in future targeted attacks.
Smartphone or tablet owners who visit social networks from their mobile devices are also at risk of having their personal data stolen. To make matters worse, some mobile browsers hide the address bar while opening the page, which makes it much more difficult for users to spot fake resources. If you regularly access social networking sites on mobile devices and you dont protect your device with a PIN or passcode, you are essentially leaving all your social network (and other) accounts wide open to cyber criminals.
Four tips on preventing your details getting stolen by ‘Facebook’
- If you receive an email notification from Facebook or a message that your account may be blocked, never enter your credentials in a form attached to that message. Facebook never asks users to enter their password in an email or to send a password via email;
- Place the cursor on the link and check if it leads to the official Facebook page. Moreover, you should manually type the Facebook URL into the address bar cybercriminals are capable of concealing the addresses to which they are leading you;
- When you have manually entered the URL in the address bar, check it again after the page has loaded to make sure it has not been spoofed; and
- Remember that Facebook uses the HTTPS protocol to transmit data. The absence of a secure connection probably means that you are visiting a fraudulent site even if the URL address seems to be correct.
Image source
