Facebook has more than a billion registered users, which is why the social network is often the target of phishing attacks and other cybercrime. While Facebook’s security team does its best to protect users, scammers always look for a fresh approach to deception and fraud. You must rely on yourself and your common sense to avoid phishing scams on Facebook.
For the uninitiated, phishing scams are attempts to acquire your login credentials and personal information so that the scammer can enter your online accounts and commit crimes. Just as fishing uses bait to attract and catch fish, phishing uses deceptive techniques to lure you into revealing your information.
You may not realize it, but your Facebook account is valuable to scammers. In fact, more than one-fifth of phishing scams on the web are aimed at Facebook users, according to data from Kaspersky Lab. Your account can be used to retrieve your information, such as your date of birth and your mother’s maiden name, which lets scammers open a credit card or bank account in your name. If you have private photos and confidential messages on your account, the scammers can threaten to release them to the public if you don’t follow their demands. Scammers can also use your account to send malicious files and messages to your friends, who are more likely to open the files since it would appear that you’re the sender. Scammers can even sell your account to a third party that can then use it for its own gain.
All sorts of nightmarish scenarios are possible when your data falls into the wrong hands.
How Do Scammers Run a Phishing Scam on Facebook?
To lure users into revealing their usernames and passwords, scammers build web pages that masquerade as Facebook’s login page. The imitation is often so convincing that even seasoned users can’t tell the fakes from the real one. Obviously, the scammers still must find a way to redirect users to their fake websites, because any sensible user would just go directly to facebook.com or open the official app to log into their account.
One way scammers accomplish this is by spreading phishing emails. These emails make unrealistic threats, promise great rewards, or intrigue you with controversial or exclusive content. They are designed to push you into action, such as clicking the included links. The links supposedly direct you to Facebook’s login page but actually lead you to a fake.
Scammers may also use malvertising, Facebook’s instant messaging, and compromised accounts to lead users to the fake login pages. One of the more sophisticated phishing scams even exploits the app platform, the component that developers use to integrate their games, apps, and websites with Facebook, to display an iframe from an external site that disguises itself as a Facebook Page Verification form.
How Do You Spot and Avoid a Phishing Scam That’s After Your Facebook Account?
Your common sense is your best weapon against a phishing attack. If a friend suddenly shares an odd-looking post he wouldn’t normally share, then something is wrong. If a random person suddenly contacts you and sends you a link or file attachment, verify the identity of the sender and the origin of the link or file before you decide to open it. If there’s no way to verify, end the communication. Trust your instincts when they tell you that something is wrong.
A dead giveaway that you’re no longer on Facebook, even though the page you’re currently viewing looks awfully legit, is that the URL is not preceded by HTTPS and a lock icon. Spelling and grammar errors should also raise your doubts.
Watch out for emails that claim to come from Facebook. The social network will never ask for your login credentials in an email or through instant messaging. Be skeptical about people claiming to be a Facebook representative, especially when you haven’t asked for customer support. Don’t readily click on links you find in comments or status messages of friends; these links could lead you to a phishing website. Check if the URL is legit. Don’t be fooled by fake online surveys, contests, discounts and live-stream videos.
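The URL checks described above can be written down as a small function. This is an added example, not code from Facebook or from the original article; the function names and the sample message are constructed, and example.test is a reserved test domain. It treats HTTPS as necessary but also compares the actual host with facebook.com, because the host is what decides where a link goes.

```javascript
// Added example: function names and sample data are constructed for illustration.
const TRUSTED_DOMAIN = "facebook.com";

// Decide whether a link really points at facebook.com over HTTPS.
function checkFacebookLink(link) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // Anything before "@" is login data, not the site name.
  if (url.username || url.password) {
    return { ok: false, reason: "text before @ is not the host" };
  }
  const host = url.hostname.replace(/\.$/, "");
  // Non-ASCII host names are converted to "xn--" labels by the URL parser.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "internationalized look-alike host" };
  }
  // The registered domain is at the END of the host name, not the start.
  if (host !== TRUSTED_DOMAIN && !host.endsWith("." + TRUSTED_DOMAIN)) {
    return { ok: false, reason: "host is not facebook.com" };
  }
  return { ok: true, reason: "HTTPS on facebook.com" };
}

// Pull every http(s) link out of a message and return the ones that fail.
function suspiciousLinks(messageText) {
  const links = messageText.match(/https?:\/\/[^\s"'<>]+/g) || [];
  return links.filter((link) => !checkFacebookLink(link).ok);
}

// Constructed sample message.
const sampleMessage = [
  "Your account will be disabled. Confirm here:",
  "http://www.facebook.com/login",
  "https://facebook.com.login.example.test/verify",
  "https://facebook.com@example.test/login",
  "https://www.facebook.com/settings",
].join("\n");

console.log(suspiciousLinks(sampleMessage));
```

A link that passes this check can still lead to user-supplied content on Facebook itself, so it does not replace the other precautions in this section.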
For added protection, pay for a subscription to a good Internet security suite with an antiphishing component. Bitdefender, Kaspersky, Symantec and Trend Micro offer some of the best security suites that rank high in antiphishing tests for their accuracy.
How Do You Recover from Phishing Scams on Facebook?
Phishing scams can victimize even the best of us, no matter how careful we are. If you realize you’ve unknowingly clicked a phishing link, immediately change your password. Go to the Apps Settings page, and review applications that you’ve granted permission to access your information. Remove any unknown or suspicious apps. If the scammers have used your account, check your timeline for any malicious posts the scammers may have published. Tell your friends that your account has been compromised, and warn them of questionable links that supposedly have come from you. You need to act quickly to minimize the possible damage to your finances and reputation.
What Else Can You Do To Protect Yourself?
Like and follow Facebook’s official pages for security and safety. These pages occasionally publish not just posts that educate users on how to protect their social media accounts but also news about the social network’s latest security measures.
Enable Login Approvals on the Security Settings page on Facebook. It’s a two-factor authentication feature that sends a security code to your phone whenever your account is accessed from an unrecognized browser session. Without this code, scammers cannot log into your account even if they know your password. You should also enable the Login Alerts feature, since it notifies you immediately when someone else accesses your account from an unrecognized device or browser.