Social Media has become the new hunting ground for phishing attacks and the platform that attracts the most attention of all is without a doubt Facebook.
Facebook remains the world’s most popular social media network, and with 2.23 billion monthly active users worldwide, it acts as a magnet to criminals who are keen to take advantage of this mass market.
These criminals will use a host of different methods to trick us into divulging sensitive information, but the most frequently used attack method is phishing.
Phishing is one of the oldest tricks in the book and it continues to prove one of the most successful ways to scam people due to its simplicity, effectiveness and high return on investment.
There has been a 102% increase in social app phishing from 2017 to 2018 and the reason it is proving to be so successful is because users tend to be less suspicious about links on social media than they would be on other platforms.
Cybercriminals have been quick to take advantage of this lapse in security to launch targeted attacks on social networks such as Facebook. They know exactly what buttons to push to prompt us into action and what types of scams will solicit the highest response rate.
As these scams become more sophisticated, it’s becoming more and more difficult to distinguish between a credible post in our news feed and a fake phishing post set up to defraud us.
Below are some of the most common phishing scams used on Facebook
- See who’s viewed your profile – One of the most common Facebook phishing scams is clicking on a link to see who’s viewed your profile. The reality is there’s no way of checking on Facebook who’s visited your profile, so this should be avoided at all costs.
- Your account has been cancelled – This message will appear to come directly from Facebook and inform users that their account has been cancelled. To reactivate their account, users will be asked to click on a link to verify their username and password. Links in these types of emails should never be trusted and will almost certainly be set up to steal sensitive data or deliver malware.
- Investment Scams– Fraudsters will typically use the names of high profile and reputable individuals to persuade people to invest in get rich quick schemes. Of course, these are nothing more than scams used to swindle cash out of victims. In a recent case in the UK, a large number of people lost cash when they invested in a scheme they thought was endorsed by money-saving expert, Martin Lewis.
- Share this post and win prize – Posts such as ‘Like and share to win a weekend away’ will appear quite frequently in our news feeds but for every legitimate post, there will be a large proportion that are fake and set up with the sole intention of harvesting data or delivering malware.
- Free Giveaways and Gift Cards – It can be hard to fight the temptation to apply for a free gift card or giveaway but as with everything in life, nothing is free. Typically, this scam will invite a user to click on a link and ask them to refer a certain number of friends before becoming eligible for the gift. This will result in the delivery of malware, or the victim’s friends being bombarded with spam.
- New Facebook Features – This scam encourages users to click on a link to have a new feature enabled on their account, this could be the addition of a dislike button or a different coloured background. Fraudsters will often put malware or spyware into the plug-ins which are in turn used to harvest personal data.
- Fake Celebrity News – Fraudsters often use the lure of juicy and salacious gossip to reel people into their online scams. There will always be a percentage of people that want to find out about the latest celebrity affair and will click on a link to find out more. In order to view the content, they will often be asked to upgrade their video player but it is nothing more than a ruse to download malware.
Many of these scams will be peddled from fake accounts and it’s been estimated that over 60 million accounts on the social media platform are fake. Despite claims from Facebook that they’re investing in software to help identify these dodgy accounts, there’s still been a notable increase in the number of phishing scams taking place.
How to stay safe on Facebook
To protect yourself from falling victim to a Facebook phishing scam, there a number of steps you should take:
- Never accept friend requests from someone you don’t know – Social media platforms are all about connecting with people but with so many fake accounts on the platform, users should always err on the side of caution when accepting a friend request from someone they’re not familiar with.
- Never click on links requesting personal information – Facebook will never ask users to click on a link to update their personal details. These links will nearly always be created to steal sensitive info or deliver malware. If you’re unsure if the request is legitimate or not, go directly to Facebook Support through the official URL.
- Use unique Facebook login details – When phishing scams are so rife on Facebook, it’s always best to use a unique username and password so that in the unfortunate event of being phished, the attackers won’t have access to your other online accounts.
- Only enter personal information on a secure website – The URL on a secure site will always begin with a ‘https’. The ‘s’ stands for secure and ensures that all communication between your browser and the website you are visiting is encrypted.
- Install Anti-Virus Software – The installation of anti-virus software will help detect threats on your computer and block unauthorised users from gaining access. A good software program will also prevent you from accessing sites that Facebook is trying to redirect you to.
- Keeping operating systems up to date – It’s also important to ensure that your software is regularly updated to prevent criminals from gaining access to your computer through vulnerabilities in older and outdated systems.
- Use Facebook’s enhanced privacy settings – Regularly check and adjust your privacy settings on Facebook to restrict what people can and can’t see on your profile.
- Receive Phishing updates from Facebook’s security page – The Facebook security page will keep you up to date with any news or updates regarding recent phishing attacks. All you have to do is like the page and you will receive regular updates in your news feed.
Despite the increasing sophistication of phishing attacks there are a number of ways you can protect yourself online. MetaPhish has been specifically designed to protect businesses from phishing and ransomware attacks and provides the first line of defence in combating cyber-crime. Get in touch for further information on how we can help your business.