Watch out for Phishing Emails from "Facebook"

08.18.11

A Facebook Notification Phishing Scheme


As we’ve mentioned before, email phishing is still a very common method cybercriminals use to steal sensitive information. Furthermore, these criminals continue to find ways to make their emails seem legitimate.

Take a look at the email body pictured to the left. It looks like a legitimate email from Facebook, right? And it has none of the misspellings or grammatical errors that usually give phishing attempts away. 
 
The problem is that clicking on any of the links will not take you to Facebook; instead, you could be prompted to give your Facebook credentials to a third party, or you could even inadvertently download malware. Pretty sneaky, huh?

How to Tell Phishing Emails from Legitimate Ones
 
So how could you defend against such a phishing scheme? Well, first of all, if you aren’t used to seeing emails like this from Facebook, don’t click on anything. Navigate to your Facebook account to see if, in fact, you have a new message. When in doubt, don’t click.
 
Secondly, a good practice to get into when dealing with links in emails is double-checking a link’s validity before clicking on it. You can do this by hovering your cursor over a link without clicking. Most email clients (such as Outlook or Mail) will bring up a box displaying the actual URL behind the link after you hover for a few seconds. If you’re checking your email in a web browser (such as with Gmail), the link’s URL will appear across the bottom of the browser window. In either case, if the link’s URL does not match where it claims to be sending you, do not click on it. In the case of the email pictured on the left, the links would send you to a strange-looking web address, not to Facebook, if clicked.
 
While that might seem like an annoying hoop to jump through, just consider the alternatives of having to deal with the headache of malware or having your Facebook account hacked. The increasing sophistication of phishing attempts means that we have to be all the more vigilant.