- Mar 18, 2009
- An Ounce of Discretion Is Worth a Ton of Privacy Settings
- Friend Management: The Key to Choosing Your Audience
- Controlling Who Sees What
- Keeping Applications in Line
- Facebook Security 101
- Reporting Abuse
- Beware of Links Bearing Trojans
- If You're Under 18
- Keeping a Low Profile
- Quitting Facebook
The term phishing refers to a kind of online fraud in which criminals try to trick people into revealing their passwords, credit card numbers, and other sensitive data.
You may already be familiar with phishing e-mails, which are spam messages disguised to look like e-mail from your bank or other sites you do business with, such as PayPal and eBay. Clicking a link in a phishing e-mail takes you to a fake site that’s mocked up to look like the real thing, where the phishers hope you’ll trustingly enter your information.
You can often identify phishing e-mails because they don’t address you by your real name the way your bank would, or because they’re littered with typos and bad grammar. (For some reason that escapes me, highly literate people rarely seem to choose phishing as a career path.) Threats are another giveaway—phishing e-mails often claim that dire consequences will occur if you don’t do what’s requested. It’s all just an attempt to intimidate you into clicking that bogus link.
On Facebook, phishing commonly takes the form of a message or Wall posting that appears to come from someone on your Friend List—but in reality, your friend’s account has been compromised, and the message has been sent by scamsters using the login information they stole from your friend. The phishers are hoping you’ll trust the message because you trust your friend, and click the link and enter your information before you have time to realize that the message is, well, phishy. If you take the bait, and the phishers gain access to your own user name and password, very shortly your other friends will start to get phishing messages that appear to come from you.
What Phishing Looks Like
If you see a posting like this appear on your Wall, you’ll know the friend who supposedly posted it got phished.
Note the telltale signs of a dodgy post: the all caps, the bad punctuation and spelling. And of course, the most important clue of all—the whole point of the post is to get you to visit a spammy Web site, which is no doubt crawling with viruses, malware, and other nastiness.
Phighting Back: Tips for Not Getting Phished
Phishing is common enough on Facebook that sooner or later you’ll come across it, if you haven’t already.
Education is your best weapon against phishers—once you know how phishing works, you’re less likely to take the bait. So here’s a bucketful of tips to help you keep from getting phished:
- Make sure your browser is up to date and secure. Current browsers are getting better at identifying and warning you about suspicious sites. Make sure you’ve got the most up-to-date version of whatever browser you’re using.
- Don’t click any links, especially links to external Web sites, if you’re not sure where they go. And pay attention to the URL in your browser. Mouse over the link before you click it, and look at the URL that appears in the status bar of your browser. If it doesn’t match the address the link is supposed to take you to, that’s a reason to be suspicious.
- Be suspicious of any Wall posts or messages that don’t sound like the friend who supposedly wrote them. If the grammar, spelling, or syntax isn’t what you’d expect from the person you know, that’s a red flag.
- Set up a security question for your Facebook account. If phishers do manage to take control of it, Facebook’s User Operations team can help you restore your access by having you provide the answer to your security question. (You can set your security question on the Settings > Account Settings page.)
- Remember that Facebook will never ask you to provide your password in an e-mail or Inbox message.
- Help police Facebook by watching your friends’ backs—if it looks like a friend of yours has been phished, let them know immediately.
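The "mouse over the link and compare the URL" tip above can be turned into a mechanical check. The following JavaScript is an added example written for this page, not code from the book or from Facebook: it compares the site a link's visible text claims to point at with the host the `href` actually resolves to, and also flags two other common tells (a raw IP address as the host, and an address the browser cannot parse). The sample links, the `.example` hostnames, and the function names `assessLink`, `hostnameFromText`, `baseDomain` and `flagSuspicious` are all constructed for the example. Reducing a hostname to its last two labels is an approximation; a production check would consult the Public Suffix List.

```javascript
// Added example (not from the book): flag links whose visible text names a
// different site than the address they really point to. This is the
// "mouse over the link and look at the URL" tip done programmatically.

// Reduce a hostname to an approximation of its registrable domain (the
// last two labels). Enough to catch "facebook.com.login-check.example"
// style lookalikes; a real deployment would use the Public Suffix List.
function baseDomain(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  return labels.slice(-2).join(".");
}

// Pull the hostname out of link text that looks like a URL or bare domain.
// Returns null when the text names no site at all (e.g. "click here").
function hostnameFromText(text) {
  const m = text
    .trim()
    .match(/^(?:https?:\/\/)?([a-z0-9.-]+\.[a-z]{2,})(?:[\/?#].*)?$/i);
  return m ? m[1].toLowerCase() : null;
}

// Assess one link. Returns { suspicious, reason } so a caller can show the
// reader why the link was flagged.
function assessLink(text, href) {
  let target;
  try {
    target = new URL(href);
  } catch (e) {
    return { suspicious: true, reason: "unparseable href" };
  }
  if (target.protocol !== "https:" && target.protocol !== "http:") {
    return { suspicious: true, reason: "non-web scheme: " + target.protocol };
  }
  // A bare IP address instead of a site name is a classic phishing tell.
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(target.hostname)) {
    return { suspicious: true, reason: "IP address host" };
  }
  const shown = hostnameFromText(text);
  if (shown && baseDomain(shown) !== baseDomain(target.hostname)) {
    return {
      suspicious: true,
      reason: "text says " + shown + " but link goes to " + target.hostname,
    };
  }
  return { suspicious: false };
}

// Constructed sample links of the kind a Wall post or e-mail might carry.
// Hosts under ".example" are reserved documentation names, not real sites.
const SAMPLE_LINKS = [
  { text: "www.facebook.com/login", href: "https://www.facebook.com/login" },
  { text: "www.facebook.com", href: "http://www.facebook.com.login-check.example/" },
  { text: "click here", href: "http://192.0.2.10/fb/" },
  { text: "http://paypal.example", href: "https://paypal.example/account" },
];

// Return only the links that fail the check.
function flagSuspicious(links) {
  return links.filter((l) => assessLink(l.text, l.href).suspicious);
}

// When run directly with node, print a verdict for each sample link.
if (typeof require !== "undefined" && require.main === module) {
  for (const l of SAMPLE_LINKS) {
    const r = assessLink(l.text, l.href);
    console.log(r.suspicious ? "SUSPICIOUS" : "ok        ", l.href, r.reason || "");
  }
}
```

Of the four constructed samples, the second (text names facebook.com, target is a lookalike host) and the third (target is a bare IP address) are flagged; the first and fourth agree with their visible text and pass. The check deliberately compares only the registrable domain, so `www.facebook.com` and `m.facebook.com` count as the same site, while anything that merely contains the words "facebook.com" in a longer hostname does not.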
What to Do If You Get Phished
If you discover that your Facebook account has been accessed by phishers, there are three steps to take immediately.
- Reset your password on the Settings > Account Settings page. (As mentioned earlier, if your login information no longer works, you may need to provide Facebook with the answer to your security question so they can restore access to your account.)
- Report abuse to Facebook. Click the Help link in the footer on any Facebook page. Then type the words report phishing in the search box for a link to the form where you can submit a phishing report to Facebook.
- Run antivirus software to check your computer for any malware you may have picked up.