Protect Yourself on facebook : Beware of phishing scams
Facebook has been hit by a lot of phishing scams recently. If you received any emails from your friends with links to websites like "Areps.at" or "goldbase.be", it means that, your friend just fell prey to a phishing scam.So what is a phishing? Phishing websites masquerade as real websites (in this case facebook) and ask you to login. If you enter your login details in the phishing site, your login details will be stolen. Phishing is usually targeted at bank websites but it seems facebook is also a popular target.
What can you do to protect yourself ?
- Know how to identify non legitimate sites: Appearances can be deceiving. Phishers set up pages to look like real websites. To make sure you are in facebook, check the URL of the page.
The URL consists of a domain and the destination page. For
When the domain is either facebook.com OR www.facebook.com you are on a legitimate facebook page. Otherwise, even though the page might look lke facebook it is most likely a phishing site. Some phising sites have domains which have nothing to do with facebook domain. Like goldbase.de. They are easy to detect. But some may look like this
- http://www.facebook.com/home.php : Domain = www.facebook.com, Destination = home.php
- http://facebook.com/photos/index.php : Domain = facebook.com, Destination = /photos/index.php
This is most likely a phishing site and you should never ever enter your details
- http://www.facebook.com.base.de/home.php : Domain: www.facebook.com.base.de, Destination = home.php
- Don't use the same password everywhere: This is so that, even if the one of your login credentials is stolen, it is not used to access other sites where you have an account. This requires some discipline and it is actually painful to remeber a lot of passwords. So the least you can do is classify your sites are highly valuable (banking and finance sites), valuable (your email account) and not so valuable and have at the very least 3 different sets of passwords for each of these sets. Ideally you should have a different password for each site classified as highly valuable.
- Use Uptodate Modern browsers: If you are on Windows use Firefox 3, Chrome 2 or IE8. If you are on a Mac use Firefox 3 or Safari 3. On Linux use Firefox 3. It is important to keep your browsers uptodate. Firefox has a very easy updating mechanism which requires no intervention from the user except a browser restart. So if you want to easily use the latest version without much worry, use Firefox. Allmost all modern browsers has an anti-phishing blacklist which will warn you when you open a known phishing site. The keyword is "known". Phishing sites crop up daily and hence the blacklists can't help you if you come across a new phishing site.
- Be cautious: If an email or website link looks suspicious, don't open the attachments or click on the website link. If you are conviced it is a phishing email, forward it to to firstname.lastname@example.org . You also may report phishing email to email@example.com. The Anti-Phishing Working Group, a consortium of ISPs, security vendors, financial institutions and law enforcement agencies, uses these reports to fight phishing.
What to do if you/friend fell prey to a phishing scam?
Despite precautions if you or you fell prey to a phishing scam change your password on facebook immediately. If there are other sites where you have used the same password, change the passwords there also. The phisher might have used your login credentials to send phishing emails from your account. So inform your friends that they might have received bogus emails from you.
If you receieve a phishing email from a friend, it means that your friend's account has been compromised. Inform him immeditaley and ask him to follow the above steps.
Since a lot of phishing scams, try to deliver malware/virus to your computer, it ia good idea to scan your computer using an anti-virus after you open a phishing site.