You know that phishing is a well-known method used to extract your personal data by sending you fake emails, by giving you malicious links and by navigating you to fake, look-alike websites that are meant to collect your data or to install some sort of keylogger on your machine. But did you know that Facebook facilitates easy phishing? And now, it has partnered with antiphishing.org to protect its users from phishing. Let us take a look at how Facebook facilitates phishing before discussing how to protect yourself from phishing on Facebook.
Facebook Messages May Steal Your Data
It is a known issue that people send emails that look as if they came from Facebook, asking for your login details and other information. How do these people know your email ID? If you remember, a little while ago, Facebook started its own email system. If you have a Facebook account, you also get a Facebook email by default. It is in the form of firstname.lastname@example.org. You can check your Facebook email ID under Account settings.
Most users just enter their information while creating profiles and forget to set up privacy controls for what is visible to others and what is hidden. Even if a person takes care to hide his or her email IDs, there is another method that gives out your Facebook email ID. As said earlier, your Facebook email ID format is yourUsername@facebook.com. When a person clicks to view your profile, your username is visible in the address bar at the top of his/her browser.
One can pick up this username and append @facebook.com to it to complete your email address. Now that person can send you messages with links to look-alike and/or malicious websites. When you log into Facebook, you will see a notification for that message. When you expand the message and click the links, your account is compromised. In other cases, you may be directed to external websites that will ask you for Facebook authorization, and if you give them authorization, your Facebook data is stolen.
Protect Yourself From Phishing On Facebook
The best method is the tried and tested method of ignoring what looks too good to be true. If you receive messages with offers, consider them a phishing attempt and delete them immediately. You can also notify Facebook about it so that other users can be protected too. I will discuss reporting phishing to Facebook in a while.
Make sure your email addresses (including the Facebook email) are hidden from public view (everyone) under Privacy. Though people can still work out your Facebook email using the above-mentioned technique, it does offer you better protection against phishing and spam.
Lastly, if you receive links in messages from unknown people, delete them after reporting the messages to Facebook. Also, if you receive odd messages from your Facebook friends, chances are that their accounts have already been compromised. You may want to ignore such messages too.
If you do not want to take any chances, ignore all messages that contain links. If you look closely at your messages folder, you will find a subfolder named Others. It is always better to ignore links and other offers present in that folder. Messages sent by people who are not your friends generally go to that folder.
As an additional precaution, stop unknown people from sending Facebook messages to you. Go to your Privacy Settings and click Edit Settings against How To Connect. In the last option that says Who can Send You Messages, change the option to Friends from Everyone.
How To Report Phishing To Facebook?
Facebook recently came up with a dedicated email address to which you can send messages regarding any message or email that looks like a phishing attempt. The email address is monitored by both Facebook and antiphishing.org. The dedicated email address to report Facebook phishing is email@example.com.
If you received the phishing email in your email Inbox outside Facebook, you can simply forward it to the above email address. In case you received it in your Facebook inbox, click the Actions tab above the message list. In the drop-down list that appears, select Forward.
In the To box, enter firstname.lastname@example.org. In the Message box, type a little message telling the anti-phishing team that you are forwarding a message that appears to be a phishing attempt. You may include date, time and username too if you wish but since it is visible in the forwarded message, you can skip it.
Upon receiving this message from you, antiphishing.org will look into it. If it finds links leading to malicious websites, it will ban the user who sent you the message and go ahead to take down the malicious websites. Depending upon the seriousness of the phishing attempt, it may also press criminal charges against the person who sent you the phishing message.
OPTIONAL: You can also include the following email addresses in the To box when forwarding phishing messages: email@example.com and firstname.lastname@example.org. If you want to further report spam and phishing to the Internet Crime Complaint Center, you can log on to www.ic3.gov and fill out their form for complaints. Reporting to the Internet Crime Complaint Center is pretty useful if you feel you were duped in some way.
The above explains phishing on Facebook, how to protect yourself from phishing on Facebook, where to report phishing and how to report phishing to Facebook. For more general tips, see this post on how to protect yourself from phishing attacks.
If you need any more information, please leave a comment.