Thursday, 29 March 2012

Facebook Scams - Phishing [iTsArticles]

Phishing

Have you ever seen one of your Facebook friends make posts or send messages that advertise something or urge you to click a link? Most likely their account has been taken over through a technique called phishing, a form of social engineering.
Phishing is the technique of tricking a user of a social networking site like Facebook into giving away their log-in information, after which the attacker can do whatever they want with the account. See Facebook's description for more information.
There are three main ways of doing this that I know of: sending the target an e-mail that asks for their password; tricking the target into entering their details into a page that looks like Facebook's log-in page but actually belongs to the attacker, who stores the e-mail address and password for later use; and getting users to hand their log-in information to phony applications.

E-Mail :

What to look out for:
  • E-Mails asking for your Facebook password
  • Fake Facebook log-in pages
  • Applications that ask for your log-in information to work, especially those promising things that have articles written about them on this site - profile trackers, dislike buttons, etc.
What you can do:
  • NEVER tell anyone your password
  • Only enter your log-in information if you are SURE it is the real log-in page
  • Bookmark the real log-in page
  • Applications built on Facebook's platform log you in through Facebook's own permission dialog and never see your password. Some third-party websites ask for it anyway, and you have no way to check what they do with it, so make SURE you trust any application before giving it your log-in info.
  • Keep up to date with the latest security news at Facebook Security
The way phishing typically works with e-mail is that the attacker sends the target a message claiming to be from "The Facebook Team" or something similar. They may even put one of Facebook's official e-mail addresses in the "From" field to convince people that it really came from Facebook. This is very easy to do, because the "From" field is just text chosen by the sender, so don't rely on your e-mail program or website to tell you who actually sent what you see in your inbox. The message will say something to the effect that Facebook needs the user's log-in information for one reason or another, and that the user must reply with their log-in info or go to some website and enter it there. That website will of course look like a Facebook page but is actually controlled by the attacker. So, by posing as Facebook, an attacker can obtain a user's password through e-mail, if the user falls for it.
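Because the "From" line can say anything, the headers your own mail server adds when it receives a message are more telling than the sender's. The Python below is an added example (not part of the original article) that reads a constructed phishing message and applies three checks: whether the bounce address in Return-Path belongs to the domain shown in From, whether the receiving server's SPF check passed (the Authentication-Results header is assumed to be added by your own mail server), and whether the body asks for a password, which Facebook states it never does. The message text, domain names such as example-spam.net and the IP address are made up for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message): the From header claims to be Facebook,
# but the bounce address, the SPF result and the link all point somewhere else.
# "example-spam.net", "example.org" and the IP address are placeholders.
SAMPLE_PHISH = """\
Return-Path: <bounce@mail.example-spam.net>
Received: from mail.example-spam.net (mail.example-spam.net [203.0.113.7])
        by mx.example.org with ESMTP; Thu, 29 Mar 2012 10:12:31 +0000
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mail.example-spam.net
From: "The Facebook Team" <security@facebookmail.com>
To: victim@example.org
Subject: Confirm your account
Content-Type: text/plain

Dear user,
Facebook needs you to confirm your password. Reply with it, or log in at
http://www.facebook.example-spam.net/login.php within 24 hours.
"""


def domain_of(header_value):
    """Lowercase domain of the address in a From or Return-Path header ('' if none)."""
    _, address = parseaddr(header_value or "")
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""


def analyse_message(raw):
    """Return the checks a message fails as (code, detail) pairs; [] means none failed.

    These are heuristics, not proof: some legitimate bulk senders bounce to a
    domain other than the one in From, so a mismatch is a reason to look closer.
    """
    msg = message_from_string(raw)
    findings = []

    # 1. The "From" line is free text; the Return-Path (bounce address) is what the
    #    sending server actually announced. They should belong to the same site.
    from_domain = domain_of(msg.get("From"))
    bounce_domain = domain_of(msg.get("Return-Path"))
    same_site = bounce_domain == from_domain or bounce_domain.endswith("." + from_domain)
    if from_domain and bounce_domain and not same_site:
        findings.append(("return-path-mismatch",
                         f"From says {from_domain} but bounces go to {bounce_domain}"))

    # 2. Authentication-Results is assumed to be added by the receiving mail server.
    #    spf=fail means the sending server was not authorised for the bounce domain.
    spf = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    if spf and spf.group(1).lower() != "pass":
        findings.append(("spf-not-pass", f"SPF result was {spf.group(1)}"))

    # 3. Facebook states it never asks for your password, so a body that does is
    #    decisive on its own, whatever the headers say.
    if re.search(r"\bpassword\b", msg.get_payload(), re.IGNORECASE):
        findings.append(("asks-for-password", "the message asks for a password"))

    return findings


if __name__ == "__main__":
    for code, detail in analyse_message(SAMPLE_PHISH):
        print(f"{code}: {detail}")
```

Running it on the sample reports all three findings. The Return-Path comparison deliberately accepts a subdomain of the From domain, since that is how many legitimate mailing systems are set up; the password check needs no such allowance.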

Fake Log-in Page

The second way of stealing log-in information is by having the user click on a link somewhere, which brings them to a page that looks exactly like the Facebook log-in page. If the user enters their information there, their info gets sent to the hacker, and then the user gets redirected to the real log-in page, which tells them that they entered the wrong information and need to try again, making the user think they just made a typo, so they don’t suspect a thing. In reality, they’ve just effectively given control of their profile over to a hacker.
So how should the average Facebook user defend themselves against such techniques? If attackers can make their e-mails appear to come from Facebook, how do we know which e-mails to trust? If attackers can make web pages that look exactly like the Facebook log-in page, how do we know where we can safely enter our e-mail address and password?

Fake log-in pages can look exactly like the real thing, so never rely on what the page looks like.

Third-Party Sites :

The third way of getting a user's log-in information is to set up an application that doesn't actually do anything but promises those who add it that it does. The application then tells the user that it needs their Facebook e-mail address and password in order to work. Applications built on Facebook's platform never need this, since Facebook's own permission dialog logs the user in without revealing the password to the application; an application that asks for the password in its own form is handling it itself. Once the user submits their information, the attacker has full access to their profile and can do whatever they want with it. For more information, see the article about applications on third-party websites.

Solutions :

As far as e-mail is concerned, if you receive an e-mail asking you for your password, the message is NOT from Facebook, even if the message says it is and even if the “From” field in the e-mail says it is. Facebook’s Help Center states here that “Facebook will never request your password and we do not advise giving your login information to anyone under any circumstances.” Therefore, if you ever get an e-mail asking for your password, you know it’s not Facebook so you shouldn’t respond to it or click on any links in it.
As for the fake log-in page, there are a couple of ways to tell. If you logged into Facebook recently (i.e. you haven't left your computer sitting there for hours) and all of a sudden a link you click brings up the log-in page, chances are the page is fake and is trying to steal your information. The address bar also gives it away, but read it carefully: what matters is not whether "facebook" appears somewhere in the address, it is the site name, the part between "https://" and the next "/". The real log-in page lives on facebook.com, so the site name must be facebook.com or end in ".facebook.com" (such as www.facebook.com or m.facebook.com). Something like "www.facebook.example.com" is fake, because there the site is example.com; so are "facebook.com.example.com", "facebook-login.example.com" and look-alikes such as "faceb00k.com". When in doubt, close the page and type "www.facebook.com" into your browser yourself, or bookmark the real Facebook main page and use the bookmark whenever you're unsure whether the log-in page on your screen is legitimate.
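To make the address rule precise, here is an added Python example (not from the original article) that extracts the site name a browser would actually connect to and accepts only facebook.com or a genuine subdomain of it. It goes slightly beyond the text: it also catches the "user@host" trick, where the real site comes after an "@", and it flags an address that is not https://, since the genuine log-in page is served over HTTPS. The sample addresses are constructed; example.com and evil.example are placeholders.

```python
from urllib.parse import urlsplit

REAL_DOMAIN = "facebook.com"  # the one site the genuine log-in page is served from


def site_of(url):
    """Return the lowercase host name a browser would actually connect to.

    urlsplit() applies the same rules as the browser: anything before an '@' in
    the address is a user name rather than the site, the port is dropped, and
    a trailing dot on the host is ignored here.
    """
    return (urlsplit(url.strip()).hostname or "").rstrip(".").lower()


def is_facebook_site(host):
    """True only for facebook.com itself or a genuine subdomain (www., m., login., ...).

    A plain substring or suffix test is not enough: 'notfacebook.com' ends with
    'facebook.com', and 'facebook.com.example.com' contains it.
    """
    return host == REAL_DOMAIN or host.endswith("." + REAL_DOMAIN)


def check_login_url(url):
    """Return 'real' for the genuine log-in page, otherwise a short explanation."""
    parts = urlsplit(url.strip())
    host = site_of(url)
    if not host:
        return "fake: no site name in the address"
    if not is_facebook_site(host):
        hint = " (the text before '@' is a user name, not the site)" if parts.username else ""
        return f"fake: the site is actually {host}{hint}"
    if parts.scheme.lower() != "https":
        # Stricter than the article: the real log-in form is served over HTTPS.
        return "suspicious: not https, type www.facebook.com into the browser yourself"
    return "real"


# Constructed test addresses; example.com and evil.example are placeholders.
EXAMPLES = [
    "https://www.facebook.com/login.php",
    "https://m.facebook.com/",
    "http://www.facebook.example.com/login.php",
    "https://facebook.com.evil.example/login",
    "https://notfacebook.com/",
    "https://www.facebook.com@evil.example/login",
    "https://faceb00k.com/",
    "http://www.facebook.com/",
]

if __name__ == "__main__":
    for url in EXAMPLES:
        print(f"{url:50} -> {check_login_url(url)}")
```

Only the first two addresses come back as "real". Note that the check reads the address the way the browser does, with the standard library's URL parser, rather than searching the string for the word "facebook"; that is the whole difference between spotting "www.facebook.example.com" and being fooled by it.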
To combat phony applications that try to steal your log-in information, make SURE you trust any application before giving it your password, and remember that an application using Facebook's own permission dialog never needs it. If the application claims to do something I've written an article about on here, or anything that would seem to go against Facebook's policies, stay away from it.
Facebook mentions these phishing threats along with other ways to protect your account in its Help Center.

ItsArticles.Blogspot.Com
