Facebook phishing email hits Australia

Fake friend request making its way past security filters

Security experts have warned of a convincing Facebook phishing scam doing the rounds in Australia.

The email, which resembles genuine friend requests, includes the message `Hi, the following person invited you to be their friend on Facebook’ and an invitation to join the social networking site.

Symantec security channel product manager, Robert Pregnell, said the email can be identified as a fake because it has no confirm button and there is no prompt for an email address to sign up to the site.

“At this time we can’t say that this particular email is of a particularly aggressive or high-profile attack,” he said.

Pregnell said the vendor continues seeing samples of these types of phishing emails targeting the popular social networking site everyday as part of attackers’ ongoing activity in trying new tricks and techniques.

“Since these networks allow users to send messages to each other for free, it provides an easy entry point for spammers,” he said.

According to Pregnell, the emails can be stopped by checking the privacy policy and user account settings on the social networking site. He also advised users to have separate passwords for different accounts and regularly update their internet security.

“Have a different password for each online account and stay updated,” he said. “Make sure your antivirus, internet security, operating system and web browser software is up-to-date.”

Pregnell added that antivirus software is not enough protection.

“If you only have free, or even paid, antivirus [programs], it is up to you to stay safe,” he said.

“Multi-layered internet security programs offer additional protection with strong, non-obtrusive firewalls, watching for personal details going out of your computer, and for suspicious behaviour, even by legitimate programs on your computer.”

McAfee Asia Pacific chief technology officer, Michael Sentonas, said the Facebook phishing scam is designed to trick the recipient into going through the login process in order to accept the new friend request.

“For the unsuspecting people that do click on this and submit their login information, they may appear to login as they would normally, however, their credentials are almost always sent to the scammer as well,” he said.

Sentonas said there are other scams doing the rounds at present. These include links to pictures that do not really exist, apps that are malicious, as well as other hoaxes like Facebook shutting down in March.

He said research conducted by McAfee has shown that as much as 85 per cent of emails in some months are spam, including these types of phishing scams.

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU

Join the CSO newsletter!

Error: Please check your email address.

Tags Facebook phising emailmcafeesymantecsecurityscamsphishingFacebook

More about FacebookMcAfee AustraliaSymantec

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Hamish Barwick

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts