Setting the Hook: How Facebook Phishing Scams Work


"I'm stranded in london got mugged at gun point last night / all cash, credit card and phone were stolen."  If you are on Facebook and a friend pops up to chat, this message should certainly cause alarm - but not for your friend.  This is an example of a Facebook phishing scam; while the messages appear to come from someone on your friend list, the account has actually been taken over by phishers.  The goal of this scam, as with all others, is to make a profit from the ill-gotten account information.  The "London" scam is a classic among phishing schemes, but there is an endless variety of others.  How do you recognize a scam, and what do you do if you have been phished?

What is Phishing?

Phishing is like fishing. The phisher is trying to get computer users to take the bait, whatever that bait may be.  In the example above, the "bait" is the friend in need.  The schemer is trying to get you to send money to a Western Union account.  These types of scams are particularly prevalent on Facebook.  Why?  Because that is where the fish are!  There are over half a billion users on Facebook, and Internet security firm Check Point estimates that about 35 percent of all Facebook users - 175 million people - are at serious risk of being taken in by a phishing scam.

The goal of phishing schemes is to:

  • Compromise a user's account and use various schemes, such as the "London" scam, to extort money from that user's friends.
  • Gain access to account and personal information, including your name and address. The scammers can then apply for credit cards in your name.

And/or to:

  • Use comment spam to spread links to friends and friends of friends. One affected user can spam (without his knowledge) dozens or even hundreds of his friends. The goal of comment spamming is to build links to promote a rogue website or to get more users to click on links and provide account information.

Thirty-five percent of Facebook users could be affected by phishing at some point in their use.  It may be easy to tell that the "London" scam is illegitimate because you know that the friend in question is three time zones away from the UK, but scams are not always as easy to spot.  What should you be looking for?

Are You Being Scammed?

Phishing scams take many different forms.  Some, like the example we began with, take a compromised account and interact directly with other Facebook users.  They will typically rely on a variation of the "friend in need" theme: a friend has been robbed; a friend needs a few hundred dollars for plane or train fare; a friend had an accident and needs financial help.  Initially, you may believe them because they appear to know personal details.  However, under further questioning, inconsistencies begin to appear and it becomes easy to identify these scams.

Harder to identify are the link schemes.  These are posted on your wall from people on your friends list and appear to be links for news stories, videos, games, or other applications.   Because people can, and do, post links legitimately to share information, it can be difficult to discern which are scams.  Here are some very common examples (with links omitted):

  • "OMG!! I didnt believe you could see whos been looking at your profile but it actually works, I now know exactly who has been looking at my pictures Check it out ...here: @ h t t p : / / b i t . l y / f o p z B Z"
  • "i can't believe...facebook is really deleting profiles that are not verified as active here."
  • "Hey! Save your profile from getting deleted...prove your profile as active here."
  • "OMG! facebook is deleting inactive profiles...verify it as active here."
  • "Facebook is deleting inactive profiles please verify as active and save it from getting deleted here."

Others use products and prizes as bait:

  • "I just got the ipad that I ordered at [phishing website] as a tester and just now received the thing in my mailbox. All you need to do is tell the site your thoughts about ipad and then u get to keep it for ever. You need to be quick because I highly doubt this is gonna last for ever"
  • Tony King February 1 at 4:22am Report
    This is a notification from facebook management for this new year promo for facebook users. Mr Mark Zuckerberg the CEO and CO founder of the facebook is giving away the total sum of $15,000usd(Fifteen thousand dollars) each to facebook users whose username was randomly picked to play the computer ballot game. Your screen name was selected to play in the promo game award. Congratulation! You are the proud winner of $15,000usd from facebook new year promo award. Do get back to us with your full details, including full name, address, city, state, and zip code.

Still others target links to news stories and videos.  These change depending on the trending topics of the day; for instance, the story, "Charlie Sheen Found Dead at Home" is currently making the rounds.  Also common are stories of a girl who killed herself because of a post her father had written on Facebook.  This is an urban legend; there is no girl, but phishers know that this is an attention-getting post.

Interestingly, it is the "warnings" for these spammed links that present more of a nuisance.  This, for instance, about the Charlie Sheen story:

  • ALERT TOO ALL FRIENDS****Do not click on a post that says (Charlie Sheen Found Dead at Home)...it is a bad virus...repost for other friends so everyone will know...NOTICE NOTICE NOTICE**************

Chances are you have seen these alerts on your wall.  If you have, you haven't just been warned, you've been spammed.  These "warnings" are self-replicating Trojans, and friends unwittingly help spread them.

What Now?

If your Facebook account has been compromised, you are not alone...in fact, you have about 175,000,000 fellow users to keep you company.  It may be virtually impossible to keep a spammed link or scam attempt from occurring in your account, but there are steps you can take to protect your account, your information, and your wallet.

  • Change your password immediately. Do not use the same password for your Facebook account as you do for other online accounts.
  • Warn your friends that your account has been compromised. Many people do this with a status update, alerting friends to spammed links or other dangers.
  • Report the phishing scam to privacy@facebook.com.
  • Update your browser and be sure it includes an anti-phishing blacklist. IE8 and Firefox 3.0.10 are two browsers that have this feature.
  • Don't click on suspicious links. If you don't think your friend would post "Paris Hilton Throws Dwarf into Street" and provide a link, then follow that instinct!
  • Scrutinize links that appear to come from Facebook. Often, the domain will be different: www.thisisnotfacebook.com is a common one, as are domains with a variation of ru or another suffix after the .com.
  • If you do click through to what you believe is a spammed link, do not provide any account information. Some spammed video links will prompt you to download an ActiveX video codec. Don't do this because it is a common method of distributing Trojans containing malware.
  • Don't spread "warnings."
  • Become a fan of the Facebook Security Page to receive updates on new threats and tips on how to protect your account and information.
  • Never wire money to any account or provide bank or credit card numbers. Even if the request appears to come from a friend, do not fall for this costly scam.
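
The hostname check behind the "scrutinize links" tip above, as an added example that is not part of the original article. It assumes facebook.com is the only trusted domain; the shortener list and the sample links (apart from www.thisisnotfacebook.com, which the article mentions) are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only domain treated as genuinely Facebook's.
TRUSTED_DOMAINS = {"facebook.com"}
# Constructed list of link shorteners; a short link hides its destination,
# so the link text alone cannot tell you where it leads.
SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl"}


def classify_link(url):
    """Return 'facebook', 'shortener', 'lookalike' or 'other' for a link."""
    try:
        parts = urlsplit(url if "://" in url else "http://" + url)
        # .hostname drops any "user@" part and the port, and lowercases.
        host = (parts.hostname or "").rstrip(".")
        user = (parts.username or "").lower()
    except ValueError:  # malformed URL
        return "other"
    if not host:
        return "other"
    # Genuine only if the host IS the trusted domain or a subdomain of it.
    # A plain substring or endswith("facebook.com") test would wrongly
    # accept www.thisisnotfacebook.com.
    for domain in TRUSTED_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "facebook"
    if host in SHORTENERS:
        return "shortener"
    # The brand name appears, but the registered domain is someone else's:
    # extra suffix after ".com", brand inside a longer name, or brand placed
    # before "@" so it looks like the host. (Punycode/homograph names are
    # not decoded here.)
    if "facebook" in host or "facebook" in user:
        return "lookalike"
    return "other"


def flag_suspicious(links):
    """Map each link that deserves a second look to its verdict."""
    verdicts = {link: classify_link(link) for link in links}
    return {l: v for l, v in verdicts.items() if v in ("lookalike", "shortener")}


# Constructed sample links (".example" is a reserved, non-resolving TLD).
SAMPLE_LINKS = [
    "https://www.facebook.com/security",
    "www.thisisnotfacebook.com",
    "http://www.facebook.com.ru.example/verify",
    "http://facebook.com@login.example/active",
    "http://bit.ly/EXAMPLE",
    "https://example.org/news",
]

if __name__ == "__main__":
    for link, verdict in flag_suspicious(SAMPLE_LINKS).items():
        print(f"{verdict:10} {link}")
```
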

Phishing scams can happen to anyone; in fact, you would be hard pressed to find a single user, including Mark Zuckerberg and his dog, Beast, who hasn't been affected in some way.  Knowing what to look for will help prevent your account from being compromised and your information put at risk.

We are affiliated with some of the legitimate programs recommended on this website. Should you choose to use the programs recommended here, we may receive a fee that will help support the site.

All content copyright 2006-2017, RemoveAdware.com.au. Author: Wayne Davis.
All Rights Reserved. All trademarks and company brand names are acknowledged.