Phishing Attacks on Facebook Users Point to Efforts to Mine Login Data for Profit

Marian Merritt
May 15th, 2009
Tags: Endpoint Protection (AntiVirus), Online Fraud, Security, Security Response

A new wave of phishing attacks on Facebook users is underway. You’ll remember the story from several months back of someone whose login credentials were stolen; the crook then used that Facebook access to swindle the victim’s friends out of thousands of dollars. The current effort resembles that one, in that a compromised account sends a malicious link to friends. The friends click on the link and are taken to a site that looks just like a Facebook login page. Providing the criminals with their login and password can sometimes injure the victim beyond the damage to their social network.

So many of us admit we use the same password on multiple accounts (not just on social networks but also for online shopping and banking). It is believed that the focus on Facebook isn’t simply to dupe a handful of people in a drawn-out financial scam. Some suspect it’s part of a larger effort to target people who are highly connected, who readily adopt online environments and who are likely to use many related online services. Get one password for the right person and it’s like having their wallet handed over. Fortunately, the team at Facebook is taking this attack very seriously, working diligently to remove messages with those dangerous links and helping to secure any compromised accounts.

OK, so what do you do? Maintain your normal level of caution about any messages from within a website or that appear to be sent by that website. If you do click a link, double-check the actual domain that is shown at the top of the page. It’s a best practice to type the www.facebook.com address directly into your address bar, rather than rely upon links from a message.

1. Use complex passwords and unique ones for each site. My method? Pick one string of letters and numbers and then add the first letter from the website’s name. For example: if my password “string” were “abc123$” then my Facebook password would be “Fabc123$”.

2. Maintain an up-to-date browser and operating system. Use security software, such as Norton Internet Security 2009. Check out Web safety services such as Norton Safe Web, where a community of Web users collaborates to report dangerous phishing and malware sites.

3. Double-check you’ve arrived at your destination. When clicking over to Facebook (or any site) make a habit of looking at what appears in the address line. You might not always be able to spot a fake site, but in the case of this particular scam, it’s obviously not www.facebook.com.

4. Be suspicious of requests to enter your account name and password.
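
The address-bar check from step 3, written out as an added example (not code from the original post or from Symantec): it parses a link the way a browser does and compares the host that would actually be loaded with the expected domain. The function name and the sample links on example.net are constructed for illustration.

```javascript
// Added example: decide whether a link really leads to the expected site.
// EXPECTED_DOMAIN is the address the article names; sample links are constructed.
const EXPECTED_DOMAIN = "facebook.com";

function classifyLink(link, expected = EXPECTED_DOMAIN) {
  let url;
  try {
    url = new URL(link); // same parsing rules the browser applies
  } catch (e) {
    return { verdict: "invalid", host: null, reason: "not a parseable absolute URL" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { verdict: "mismatch", host: url.hostname, reason: "not a web link" };
  }
  // The parser lower-cases the host; drop an optional trailing root dot.
  const host = url.hostname.replace(/\.$/, "");
  // Only the exact domain or a true subdomain of it counts as a match.
  if (host === expected || host.endsWith("." + expected)) {
    return { verdict: "match", host, reason: "host is " + expected + " or a subdomain of it" };
  }
  let reason = "host is not " + expected;
  if (url.username.toLowerCase().includes(expected)) {
    reason = "expected name appears only before '@', which is not the host";
  } else if (host.includes(expected)) {
    reason = "expected name appears inside a different domain";
  } else if (host.split(".").some((label) => label.startsWith("xn--"))) {
    reason = "internationalized (punycode) host that may only look similar";
  }
  return { verdict: "mismatch", host, reason };
}

// Constructed sample links; example.net stands in for an unrelated site.
const SAMPLES = [
  "https://www.facebook.com/login.php",
  "http://www.facebook.com.login.example.net/login.php",
  "http://www.facebook.com@login.example.net/",
  "http://notfacebook.com/",
  "http://f\u0430cebook.com/", // Cyrillic "a" in place of the Latin letter
];

for (const link of SAMPLES) {
  const r = classifyLink(link);
  console.log(`${r.verdict.padEnd(8)} ${r.host}  (${r.reason})`);
}
```

Only the first sample is reported as a match; in every other case the text "facebook.com" is visible in the link but the host the browser contacts belongs to someone else.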

Message Edited by Trevor Mack on 05-15-2009 02:58 AM