Facebook Among Top Phished Web Sites
A washingtonpost.com colleague today called my attention to a phishing scam targeting Facebook users that is apparently getting some digital ink from Twitter users and various blogs. I figured this was as good a time as any to note that Facebook is and has been for some time one of the brands most frequently targeted by scam artists, right up there with some of the world's largest banks.
According to phishtank.com, a community-based site that tracks phishing Web sites, Facebook.com was the seventh most-phished brand in March -- even ahead of the Internal Revenue Service, and that was during tax month! In fact, Phishtank found at least 104 phishing Web sites targeting Facebook users, or an average of three different Facebook phishing campaigns each day.
Why on Earth would cyber crooks want to hijack your Facebook profile? Why, to trick your friends into visiting sites that try to download malicious software, of course.
One of the most common ways people get phished is by clicking on a link that takes them to a page that mimics the facebook.com login page. Users can avoid this by clicking on a bookmark for the login page, or by typing facebook.com into a browser window.
If you want to take advantage of a neat security feature built into facebook.com, add an "s" to the usual URL you use, so that it reads "https://www.facebook.com". By visiting this link, you should notice that the address bar turns from the usual white to green. This indicates that the site you are visiting has obtained an extended validation, or EV, certificate.
EV certs are a technology for helping consumers verify the legitimacy of commercial Web sites. They cost quite a bit of money to obtain, and require the requesting entity to go through an extensive investigation to prove they have the rights to a given Web site name.
Note to Facebook: If you want to reduce the number of your users who fall for these phishing scams, educate users to log in at https://www.facebook.com, and to look for the green address bar.
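The advice above (reach the login page only at the real facebook.com host, over https) can also be checked mechanically before a link is followed. The sketch below is an added example, not code from the original post; the function name and every sample URL are constructed for illustration.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "facebook.com"  # the brand domain named in the post

def check_login_link(url: str) -> str:
    """Return 'ok', or a short reason the link should not be trusted."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return "malformed"
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return "no host"
    # Non-ASCII letters or punycode labels can imitate Latin letters.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return "internationalized host"
    # The genuine site is the trusted domain itself or a subdomain of it.
    if host != TRUSTED_DOMAIN and not host.endswith("." + TRUSTED_DOMAIN):
        if "@" in parts.netloc:
            return "userinfo trick"  # text before '@' is never the host
        if "facebook" in host:
            return "look-alike host"
        return "different site"
    if parts.scheme != "https":
        return "not https"
    return "ok"

# Constructed sample links; the .example hosts are placeholders.
SAMPLES = [
    "https://www.facebook.com/login.php",
    "http://www.facebook.com/login.php",
    "https://www.facebook.com.login.example/",
    "https://www.facebook.com@login.example/",
    "https://facebook-login.example/",
    "https://xn--example-label.example/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{check_login_link(link):24} {link}")
```

A host check like this only confirms where a link leads; it does not replace looking at the certificate the site presents.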
April 29, 2009; 5:55 PM ET
Categories: Fraud, From the Bunker, Latest Warnings | Tags: ev certs, facebook, phishing, phishtank