Facebook Phishing Attacks
Hidden In Video Links
Phishing, the act of tricking internet users into handing over their personal details, is an activity that today’s cybercriminals can’t seem to get enough of. When people talk about phishing, email is often part of it. Hackers can easily send out thousands of phishing emails, designed to look like convincing communications from widely used sites like PayPal, delivery companies and financial institutions. The criminals play a pure “numbers game,” relying on at least some unsuspecting recipients to click links in the email. In turn, these links usually lead to a convincing, but fake login page, where people then unknowingly hand over their personal details.
However, hackers no longer rely solely on email to launch phishing attacks. Text messages, social media sites, even website popups can be deployed by hackers to hook people in. A recent high profile phishing incident used Facebook Messenger to circulate the hacker’s enticing links. In this particular case, they appeared to be video links that seemed to come from genuine Facebook friends. People’s inherent trust in their online “friends” means that this is a method that can catch many individuals off guard.
Many of those who were fooled into clicking the links landed on a fake Facebook login page. Individuals who then inputted their login details handed them directly to the hackers, which both compromised their accounts and provided the cybercriminals with additional accounts from which to send out further phishing messages. Some reports suggest that bolstered by their initial success, the hackers then tacked on additional techniques including paying for ads that led to similarly malicious pages.
It’s unsurprising that hackers have developed a fondness for using social media to launch their phishing attacks. In fact, recent statistics from Statista show Facebook as the second largest brand target for such attacks. Also making the top three are Yahoo! and Microsoft.
Using Facebook messages that appear to come from friends means that these attacks seem more likely to reap results for the hackers, especially now there’s more awareness around phishing emails. Some governments now produce official advice to help prevent against phishing. The UK government, for example, offers warnings against clicking on suspicious links and provides the public with ways to report suspicious emails and texts.
However, users of social media should still, with education and common sense, be able to protect themselves from such attacks. A random message from a friend containing nothing but a link should always be treated with suspicion. If clicking on that link then ends in a situation where there’s a request for a username and password, this definitely should ring alarm bells, especially given the fact that the user will already be logged into Facebook at the time, considering they were able to read the message.
Facebook provides its own advice to help users avoid phishing. Twitter and other social networks do the same. One of Facebook’s specific warnings is to be on guard for “mismatched” links, which is a reasonable description of what users would have seen in this incident. Essentially, any online service that allows people to receive links in messages can be used by hackers as a way to distribute their phishing links. The best defence for all of this is user education. People who are conditioned to treat all links with the utmost suspicion are more likely to pause before clicking on something. And definitely give serious consideration before logging into a website, even if it looks realistic.
Perhaps the best question for all Facebook users, both businesses and personal users, is whether there’s any YouTube clip worth watching at the risk of compromising personal details. In the vast majority of cases, the answer to that is probably “no.” However, hackers turning their attention to social media is bad news both for Facebook fans, and business owners who use the network to promote their companies. The more social media can clamp down on these activities, the more it can remain a place where people can feel safe online, to the advantage of both brands and users.