Spoke with Karl today about the latest in phishing scams, which are targeting Facebook users.
Why target Facebook?
Facebook has over 500 million members and counting. It is the perfect medium for cybercrims to target, as the pool of potential victims is massive. They can get a lot of information from the site, such as date of birth, occupation, where you live, etc.
How do phishing scams work on Facebook and how do they make money?
i) They are collecting personalised info that can be sold to third parties, who then use the info for nefarious means like creating online accounts or trying to get credit cards in your name, etc.
ii) It will usually take the form of a link supposedly sent from a Facebook friend and written on your wall.
iii) They will send you a link via email which will take you to what looks like a Facebook log-in page. In fact, it is a look-alike web page that the scammers have set up. Check the URL.
iv) A common scam is called the London Scam whereby the phisher hacks into a friend’s account. They pretend they are the friend and that they are stranded somewhere around the globe and need cash immediately to get home. As you think it’s your friend (why wouldn’t you?), you send the money off. It’s a scam.
v) They also use it as a way to spread malware throughout your computer.
How do they get your password info etc?
Easy: the key to a phishing scam is that they replicate web pages, in this case the Facebook log-in. You will receive a message on your wall from a ‘friend’ stating they have deleted their Facebook account and have started a new one. They then tell you to add their new account by giving you a URL to a Facebook log-in. It is not a Facebook log-in, but a webpage designed to look like one.
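The "check the URL" advice above comes down to reading the real host name in the link, not the words that appear in it. The following is an added example, not part of the original post: a small Python check that accepts only facebook.com and its subdomains over https. The sample links are constructed, and the names `check_login_link` and `TRUSTED_DOMAIN` are made up for this illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: only facebook.com and its subdomains are genuine.
TRUSTED_DOMAIN = "facebook.com"


def check_login_link(url):
    """Return (is_genuine, reason) for a link claiming to be a Facebook log-in."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # drops any "user@" prefix and the port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not an https link"
    if not host:
        return False, "no host name"
    host = host.rstrip(".").lower()
    if not host.isascii():
        return False, "host contains non-ASCII look-alike characters"
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "host is an encoded international name"
    # The leading dot stops hosts that merely end in the same letters.
    if host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN):
        return True, "host is " + host
    return False, "real host is " + host + ", not " + TRUSTED_DOMAIN


# Constructed sample links (the .example hosts are placeholders, not real sites).
SAMPLES = [
    "https://www.facebook.com/login.php",
    "https://m.facebook.com/",
    "http://www.facebook.com/login.php",
    "https://www.facebook.com.login-check.example/login.php",
    "https://www.facebook.com@login-check.example/login.php",
    "https://www.f\u0430cebook.com/login.php",  # Cyrillic "a" in the host
]

if __name__ == "__main__":
    for link in SAMPLES:
        genuine, reason = check_login_link(link)
        shown = link.encode("ascii", "backslashreplace").decode()
        print("GENUINE" if genuine else "FAKE   ", shown, "->", reason)
```

The fourth and fifth samples both start with "www.facebook.com", yet the browser would connect to the host at the end of the name or after the "@" sign, which is what the check reports.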
How prevalent is/are the Facebook scam(s)?
They are becoming more popular with cybercrims. Information on 1.5 million accounts is for sale, according to a recent PC World report.