For those not familiar with phishing, you can read our article here for a full description, but essentially phishing is a popular online confidence trick in which a scammer pretends to be someone they are not in order to extract personal information from a victim. The scammer will typically pretend to be some kind of company or organisation that the victim is involved with, and once they have fooled the victim into believing they are the real deal, they’ll ask the victim to enter personal information such as usernames and passwords, which the scammer then steals.
Of course, as you will have deduced from the title of this post, it is phishing scams in which the scammer feigns communication from the top social site Facebook that seem to be on the rise of late, and those are what we discuss here.
In typical phishing fashion, scammers are dispatching both social networking messages and emails linking to fake websites that appear to be from Facebook but are in fact sites owned by scammers, which capture and steal any information entered into them. And it is these scams that are on the rise.
Take, for example, the screenshot below, which shows a website claiming your account has been disabled and that you need to verify your account information to retrieve it.
A Facebook user who receives a message or email linking to this site may be rightly concerned, but there are always tell-tale signs that you are being duped, and they are easy to spot once you know how.
The image above, for example, shows three significant giveaways. For one, the domain at the top does not belong to Facebook. Any Facebook page will begin with www.facebook.com. If it doesn’t, assume the site does not belong to Facebook. The one above is http://apps-facebook-security-account-help2011.tk. It may sound official. It certainly is not.
Secondly, the blurb at the top of the site is full of grammatical mistakes. Scams like this often originate from countries where English is not the first language, and the scammers are often uneducated, meaning errors on the site are common.
Thirdly, the site asks for your password. Facebook NEVER asks for your password, with the exception of logging in as normal. That is the only time you ever need to enter your password: on Facebook.com, when you log in. Period.
Now look at the image below.
Instead of claiming to reactivate your “suspended” account, this page is designed to look like the usual Facebook login screen. Victims were sent emails directing them to this page, claiming they needed to log in to see a video.
But take a look at the domain. Does it begin with facebook.com? It doesn’t. The domain youtubecharlie3.tk is a scam site, which steals your personal information.
We have also seen phishing sites claiming to offer rewards such as Facebook credits or gold memberships, provided you enter your Facebook details, and your bank details to boot! Archiving these sites on our site is difficult, since these scammers will register a domain, use it for only a handful of weeks and then move on to the next one, often using several different domains at any one time.
You can see that the social engineering aspect of these scams varies greatly, with many using different excuses or tricks to get victims to comply. However, the fundamental flaws of these scams remain the same. Facebook.com is the only site you should enter your Facebook details into. Look at the URL at the top to make sure you are on the Facebook site (clue: it begins with facebook.com!). Look out for suspicious grammatical and spelling errors, and never enter your password except when you log in (and when you log in, make sure you are on facebook.com!).
Additionally, be sceptical of emails or messages claiming to be from Facebook that link to external websites. If you are sceptical from the outset, you are far less likely to fall victim to a Facebook phishing scam.
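The domain check described above can be automated for incoming messages. The following is an added example, not code from the original post: it parses each link in a message and flags any whose hostname is not facebook.com or a subdomain of it, treating hosts that merely contain the word "facebook" as lookalikes. The sample message below is constructed for the example and reuses the two scam domains shown in the screenshots.

```python
import re
from urllib.parse import urlsplit

# The post's rule: a genuine Facebook page lives on facebook.com (or a subdomain of it).
LEGIT_DOMAIN = "facebook.com"

# Matches http(s) links in free text; stops at whitespace and common delimiters.
URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed sample message for the example, using the domains from the screenshots.
SAMPLE_MESSAGE = (
    "Your account has been disabled. Verify it at "
    "http://apps-facebook-security-account-help2011.tk/verify "
    "or log in to watch the video at http://youtubecharlie3.tk/watch . "
    "Real help centre: https://www.facebook.com/help"
)


def hostname_of(url: str) -> str:
    """Return the lowercase hostname of a URL (userinfo and port stripped)."""
    if "://" not in url:          # tolerate bare "www.facebook.com/..." strings
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def is_facebook_host(host: str) -> bool:
    """True only when the host is facebook.com itself or a subdomain of it."""
    return host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN)


def classify(url: str) -> str:
    """'facebook' for genuine hosts, 'lookalike' when 'facebook' appears in a
    foreign host (e.g. facebook.com.example.tk), otherwise 'other'."""
    host = hostname_of(url)
    if is_facebook_host(host):
        return "facebook"
    if "facebook" in host:
        return "lookalike"
    return "other"


def suspicious_links(message: str) -> list:
    """Return every link in the message that does not lead to facebook.com."""
    return [u for u in URL_RE.findall(message) if classify(u) != "facebook"]


if __name__ == "__main__":
    for link in suspicious_links(SAMPLE_MESSAGE):
        print(classify(link), link)
```

Note that the hostname, not the start of the URL string, is what matters: a link such as http://facebook.com@example.tk/ parses to the host example.tk, so the string "facebook.com" appearing early in a URL is not by itself proof of a genuine page.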