Phishing with friends


Being tagged by a friend on Facebook is a fun way to share memories, whether you are reminiscing about a concert you went to together or sharing a throwback picture of you in high school. Occasionally, however, being tagged or mentioned might be the work of a hacker looking to take advantage of you. A worldwide Facebook phishing scam is claiming a new victim every 20 seconds, according to The Telegraph.

The scam looks like this: a Facebook user receives an email notification saying that a ‘friend’ has mentioned them in posts on the social network, and the email encourages the user to click through to see the post. When clicking through, though, the user is taken to a fake Facebook verification webpage. Clicking the link isn’t the danger, however. The phishing happens when the user unknowingly enters their login credentials into the fake Facebook login page.

Once the hacker has a user’s login credentials, they set up a dummy Facebook profile and send out hundreds of friend requests. When a friend accepts the friend request from the duplicate profile, the hacker sends a message or post with tempting wording to entice a click on the link, such as, “Hey, what exactly are you doing in this video? How embarrassing!” And the cycle continues.

Unfortunately, this type of phishing takes place all over cyberspace, not just on Facebook. The scam spreads because people are not aware of it. To protect yourself from this type of scam, we recommend the following:

Check the URL

Before entering your login credentials or any other personal information into a website, be sure you recognize the URL in the browser. If you’re unsure, reach out to the organization or navigate to the website on your own by typing in the correct website domain yourself. Also, verify the domain is secure.

Protect your device

Keep your anti-malware, firewall, and virus protection up to date. If you have a Mac, don’t trust the myth that you are immune. All devices need protection. If your computer has been infected with a virus, you need to run anti-virus software to keep your information secure.

Log out

After you are done with a session of browsing your news feed, log out. That goes for any website you interact with, such as your financial institution or email account.

Check the sender

Always check the email address of the sender before downloading an attachment or giving personal information. This means not just checking the sender name, but clicking into the details to see the sender's email address, and clicking reply to see the email address your message would go to if you were to reply. There may not be an exact match, and that’s OK. However, it should be a red flag if you're receiving an email supposedly from Facebook, but the From address is a Gmail account, for instance.
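The sender check described above can be automated by a mail filter or a help desk triaging reported messages. The following is an added example, not part of the original article: the brand-to-domain allow-list, the function names and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains the claimed brand really sends mail from. Adjust per brand.
BRAND_DOMAINS = {"facebook": {"facebook.com", "facebookmail.com"}}

# Constructed sample messages (not real mail).
SPOOFED = (
    "From: Facebook <notify.fb.alerts@gmail.com>\n"
    "Reply-To: support@fb-verify.example\n"
    "Subject: A friend mentioned you in a post\n\n"
    "Click to see the post.\n"
)
GENUINE_LOOKING = (
    "From: Facebook <notification@facebookmail.com>\n"
    "Subject: A friend mentioned you in a post\n\n"
    "See the post.\n"
)


def domain_of(header_value):
    """Return the lower-cased domain of the address in a From/Reply-To header."""
    _name, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def in_domains(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def sender_red_flags(raw_message):
    """List the reasons the sender of a raw e-mail looks suspicious."""
    msg = message_from_string(raw_message)
    display_name, _ = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From"))
    # With no Reply-To header, replies go back to the From address.
    reply_domain = domain_of(msg.get("Reply-To")) or from_domain
    flags = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in display_name.lower():
            if not in_domains(from_domain, allowed):
                flags.append(f"name claims {brand} but From is {from_domain}")
            if not in_domains(reply_domain, allowed):
                flags.append(f"name claims {brand} but replies go to {reply_domain}")
    return flags


if __name__ == "__main__":
    print(sender_red_flags(SPOOFED), sender_red_flags(GENUINE_LOOKING))
```

An empty list only means these two checks passed. The From header itself can be forged, so the URL check above still applies before entering credentials.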

If you’ve been hacked, on Facebook or another website, do what you can to halt the damage by changing your password and adding additional layers of authentication or notifications for when someone logs in to your account.

Knowledge is power! Keep yourself and your personal information safe by using these tips, and share them with your friends to spread awareness.