Most people have come across (or know someone who has come across) some type of scam via Facebook. They’re those dodgy posts that you shouldn’t click on that get sent from your friends’ accounts without them knowing, those strange emails in your inbox, odd friend requests or, on rare occasions, the complete hacking of your account. Most savvy Facebook users take it as a given that this is going to occur and that no one can do a thing to stop it. They just count themselves lucky that they are not among the users who fall for them. Well, now Facebook has finally taken the bull by the horns and decided to get active in stamping out phishing scams. FB has set up an email address to report these attempts. We look at what this means for Facebook users, the potential identity theft risks from falling for a phishing scam (which could endanger your credit file), and how to spot one before you get caught out.
By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repairs and www.fixmybadcredit.com.au.
Facebook’s security page requests that if its users spot phishing scams they should report them to Facebook and its eCrime team. The intention is to help hold scammers accountable and prevent identity theft and account hacking. Here’s an excerpt from their Security page:
by Facebook Security on Thursday, August 9, 2012 at 7:31am
Today, Facebook is proud to announce the launch of phish@fb.com, an email address available to the public to report phishing attempts against Facebook. Phishing is any attempt to acquire personal information, such as username, password, or financial information via impersonation or spoofing.
By providing Facebook with reports, we can investigate and request for browser blacklisting and site takedowns where appropriate. We will then work with our eCrime team to ensure we hold bad actors accountable. Additionally, in some cases, we’ll be able to identify victims, and secure their accounts.
You might ask yourself how to spot suspected phishing emails. Our partners at the Anti-Phishing Working Group have put together some helpful tips to avoid being deceived by these messages:
1. Be suspicious of any email with urgent requests for login or financial information, and remember, unless the email is digitally signed, you can’t be sure it wasn’t forged or ‘spoofed’.
2. Don’t use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic or you don’t trust the sender; instead, navigate to the website directly.
This new reporting channel will complement internal systems we have in place to detect phishing sites attempting to steal Facebook user login information. The internal systems notify our team, so we can gather information on the attack, take the phishing sites offline, and notify users. Affected users will be prompted to change their password and provided education to better protect themselves in the future.
While rare, we hope that you forward us any phishing attempts you encounter. Together we can help keep these sites off the web and hold the bad guys responsible. As a reminder, you can visit www.facebook.com/hacked if you think your account may be compromised.
You can find out more about phishing in our Help Center. You can also forward phishing emails to any of the following: APWG (reportphishing@antiphishing.org), the FTC (spam@uce.gov), and the Internet Crime Complaint Center (www.ic3.gov).
This is great news for FB users, as it may be just the impetus needed to both deter and attack these predators.
Technology magazine ZDNet’s Eileen Brown is likewise pleased with this new response, but at the same time questions the appropriateness of where Facebook has decided to report this information:
The challenge is that Facebook has hidden this information in its Security notes. This is not an area where the average user is likely to visit. Facebook should place an alert at the top of the home page drawing users’ attention to the importance of being vigilant and careful.
Hiding this page away does not show the duty of care that Facebook should show to its users — especially if it wants to avoid the potential consequences of a password or account breach.
“It is only a matter of time before someone tries it…” she says in the article “Facebook creates new email address to fight phishing”.
Phishing scams should be a topic that every online user is familiar with, but as we reported recently in our post Identity theft risks high for pre-retirees, some sections of the community can be more vulnerable to phishing scams. These scams aren’t necessarily screaming out “identity theft”; they can be well thought out and look like legitimate requests for information.
On Facebook, both young and old can be at risk of phishing scams. One prevalent scam reported by the ACCC’s Scamwatch recently is the Facebook password scam email.
“…the scam email enters inboxes looking as though it is an auto-generated email from the Facebook Team. It announces to subscribers that as a security measure their password has been changed and that this needs to be confirmed. Attached to the scam email are two documents with file names beginning with ‘facebook_password’ that are supposed to include the new password.
SCAMwatch warns you not to open these attachments. If you do, you will activate a very nasty Trojan or malicious software called the Bredolab Trojan and your computer will be taken over for use by the scammers at their will.”
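A mail-triage check for the indicators described above (attachment names beginning with ‘facebook_password’, an urgent password request, links that do not lead to the real site), as an added example that is not code from Scamwatch, Facebook or the original post. The trusted-domain list, the keyword list and the sample message are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains the recipient treats as genuinely Facebook's.
TRUSTED = ("facebook.com", "facebookmail.com")
# Assumption: a small keyword list standing in for "urgent login request".
URGENT = re.compile(r"\b(password|confirm|verify|login|urgent)\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def _trusted(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def triage(msg):
    """Return a list of warning strings for one parsed email message."""
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    # A matching From domain proves nothing (headers can be forged);
    # a mismatch with a "Facebook" display name is still worth flagging.
    if "facebook" in name.lower() and not _trusted(addr.rpartition("@")[2]):
        findings.append("sender-mismatch:" + addr)
    for part in msg.walk():
        fname = part.get_filename()
        if fname and fname.lower().startswith("facebook_password"):
            findings.append("attachment:" + fname)
        elif not fname and part.get_content_type() == "text/plain":
            text = part.get_content()
            if URGENT.search(text) or URGENT.search(msg.get("Subject", "")):
                findings.append("urgent-credential-request")
            for url in URL.findall(text):
                if not _trusted(urlparse(url).hostname):
                    findings.append("untrusted-link:" + url)
    return findings

def sample_message():
    """Constructed sample modelled on the Scamwatch description."""
    m = EmailMessage()
    m["From"] = "Facebook Team <support@mail.example.test>"
    m["Subject"] = "Your password has been changed"
    m.set_content("Confirm your new password: http://facebook.com.example.test/x")
    for n in ("facebook_password_1.zip", "facebook_password_2.zip"):
        m.add_attachment(b"constructed", maintype="application",
                         subtype="zip", filename=n)
    return m
```

The sample link uses a host that merely begins with the real domain name, which is why the check compares the end of the hostname and does not search for the word anywhere in the URL.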
If, via these scams, criminals are able to gain access to information like names, dates of birth and addresses, then identity theft may occur. Fraudsters can build a profile with enough information to request duplicate identity documents, enabling them to have access to their victim’s good name through their credit rating, meaning they could take out loans, credit cards, even mortgage properties in their victim’s name.
Fraudsters are never so kind as to pay the credit back, meaning the identity theft victim is hit twice: financially ruined, and then locked out of credit with no ability to borrow for 5 to 7 years.
How to spot a phishing scam
Scamwatch has a great article on their website titled Phishing scams on social networking sites—don’t be tricked into giving your information away! Here’s what they suggest to look out for:
Protect yourself
Never send your online account details through an email and think carefully before you give away any personal or financial information.
Never enter your personal information on a website if you are not certain it is genuine. Don’t click on the link provided in an email or call the phone number provided; instead, find the business’s contact details through a general internet search.
Keep your computer updated with the latest anti-virus and anti-spyware software, and use a good firewall.
When using social networking websites:
• Check the privacy settings and think about who you really want to have access to your personal information.
• Be careful about what personal information you put on the internet, because scammers can use these details to guess your passwords or to commit fraud.
• Check how much information about you is available on the internet—type your name into a search engine and see how many hits you get.
• Don’t be lulled into a false sense of security—online ‘friends’ may not be who they say they are.
• If you receive an email that appears to be from a family member or friend, look at the way the email is written and ask yourself whether the email sounds like it was written by that person.
• If you receive an unexpected request for money from what appears to be a friend, try to contact that friend or their family or friends to verify the request. Do not use any of the contact details in the message.
Great advice to take on board for any FB user, but if you or someone you know has fallen victim to one of these phishing scams, there are three things you may need to do immediately (among others):
1. Change your passwords on your computer, bank, Facebook or any other relevant sites via a different computer. If you can’t because you have been ‘locked out’ of your accounts, you may need to contact your Creditors and Police immediately.
2. Report the scam to the ACCC, and if you think you may be vulnerable to identity theft, it may be better to give them a call on ACCC Infocentre 1300 795 995 and they can direct you for further advice and possibly advise you to contact Police.
3. Check your credit report. This is often the first way you might spot identity theft which has led to credit being taken out in your name. It is free to check every year from Australia’s credit reporting agencies and it will be peace of mind if it turns up clear. If there is anything on there you are not sure of, investigate and contact Police. If you confirm you have been a victim of identity theft, you can contact MyCRA Credit Rating Repairs to help with removing any bad credit which is darkening your name.
Image 1: Pixomar/ www.FreeDigitalPhotos.net
Image 2: Ambro/ www.FreeDigitalPhotos.net