Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

Facebook phishing attacks continue

Facebook attacks are rife again, with cybercriminals looking to lure trusting Facebook users to fake sites, via phishing emails, and obtain personal login data for their own financial gain.
  • 16 June, 2009 13:36

Beware of fake Facebook emails

Facebook attacks are rife again, with cybercriminals looking to lure trusting Facebook users to fake sites, via phishing emails, and obtain personal login data for their own financial gain. Since the beginning of May, Symantec has observed a new wave of phishing attacks on Facebook users and it seems these attacks are set to continue. This week Symantec has observed a current method of attack that targets a victim’s Facebook account.

Phishing attackers send a message to a victim’s Facebook ‘inbox’, as well as an email notification with the subject ‘Hello’ or ‘Hi’. The email appears to have come from the victim’s friend and includes text asking the user to visit a malicious and fake Facebook login page. From this page the attacker will then steal the user’s login credentials to launch future attacks.

If consumers want to avoid inadvertently sending malicious messages to their circle of Facebook friends, Symantec advises the following:

Always maintain a level of caution around any messages from within a website or that appear to be sent by a website. If a user clicks on a link, double-check the actual domain that is shown at the top of the page. It’s best practice to type the Web address directly into your address bar rather than rely upon links from a message.

Use complex passwords and unique ones for each site. A few suggestions:

  • Use a combination of uppercase and lowercase letters, symbols, and numbers
  • Make sure your passwords are at least eight characters long. The more characters your passwords contain, the more difficult they are to guess
  • Try to make your passwords as meaningless and random as possible
  • Use different passwords for each account
  • Change your passwords regularly. Set up a routine, changing your passwords the first of each month or every other payday
  • Never write your passwords down, and never give them out to anyone
  • Don't use names or numbers associated with you, such as a birth date or nickname
  • Don't use your user name or login name in any form
  • Don't use a derivative of your name, the name of a family member, or the name of a pet
  • Avoid using a solitary word in any language
  • Don't use the word password
  • Avoid using easily-obtained personal information. This includes license plate numbers, telephone numbers, social security numbers, your automobile's make or model, your street address, etc.
  • Don't answer yes when prompted to save your password to a particular computer. Instead, rely on a strong password committed to memory or stored in a dependable password management program

Maintain an up-to-date browser and operating system. Use security software and check out web safety services, where a community of web users collaborate to report dangerous phishing and malware sites.

Double check you’ve arrived at your destination. When clicking over to Facebook (or any site) make a habit of looking at what appears in the address line. You might not always be able to spot a fake site but in the case of this particular scam, it’s obviously not

Be suspicious of requests to enter your account name and password

Additional information can be found here:

Press Contacts:

Jasmin Athwal
Max Australia
+61 2 9954 3492

Debbie Sassine
+61 2 8220 7158
