Tag Archives: facebook security

Something phishy is going on in Facebook

What would a world be like without Facebook? The mere question sends an icy shudder down our collective spines. It has become so embedded not only in our personal lives, but has rooted itself into the identity of different facets of society. From political parties to charities to big corporate giants, Facebook has become integral to their message.

Of course there are other social networking sites out there, all of which are user-friendly, engaging and full of interesting features – note, Google recently revealed that its own social offering, Google+, now has 90 million registered users – but none of them have had the same impact as Facebook. Heck, it even got made into a movie and a very good one at that too.

This all adds up to making Facebook particularly vulnerable to exploitation and cyber attacks. With that many people connected and overly candid about their private lives, perceptive criminals have been able to, for example, break into homes, steal identities and gain access to bank details. The worrying thing is that this openness is a sign of the age.

“People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people – and that social norm is just something that has evolved over time,” Mark Zuckerberg, the co-creator of Facebook once said.

One thing to be aware this year is a new phishing scam unique to the social networking site. The basic premise is that fraudsters are posing as Facebook security in chats. David Jacoby, a Kaspersky Lab expert, warns that not only are these scammers attempting to steal identities, but credit card information and security questions. Moreover, the move highlights a new approach to phishing.

“This Facebook phishing attack is pretty interesting because it does not just try to trick the victim into visiting a phishing website,” he wrote. “It will reuse the stolen information and login to the compromised account and change both profile picture and name.”

Once an account has been hijacked, the profile is modified and all contacts are sent a message warning them that their account will be deactivated. It asks people to click a link which redirects them to a sham Facebook page where it asks for key login details. After which comes the ‘juicy bit’ asking for credit card details (including your security code).

Not only is it all so sophisticated, it exudes authenticity. This scam and others like it showcase the product of, dare we say it, extensive research and hard labour. The disturbing thing is that they’re becoming more popular, and unfortunately capturing people off-guard.

Although Facebook is fully aware of the security threats it faces on a daily basis – “We have spent several years developing protections to stop spam from spreading and have sought to cooperate with other industry leaders to keep users and their data safe,” it said in a recent statement – more needs to be done to educate users about how to keep their data and personal information secure. We as professionals can do our best to develop strategies to negate the impact of such scams, but to truly succeed; we need vigilance from those outside of the industry as well. Together we can make Facebook a virtual home as comfortable as that of our tangible abodes.