Facebook Offers Users a Way to Report Phishing Incidents
Aug 9, 2012 10:49am
We’re thrilled that Facebook, an NCSA Board member company, is continuing the fight against cyberthreats with its launch of firstname.lastname@example.org -- a new email address for users to report any phishing attempts that use the Facebook name or brand. Whenever users receive a questionable email appearing to be from Facebook, they can quickly take action and notify the social media company.
If you are on the Internet, it is more than likely that you have gotten an email asking you to click on a link or visit a malicious website that could potentially contain a virus or malware. Cybercriminals have gotten very good at creating email that looks like a mirror image of what one would actually receive from a financial institution, e-commerce site, government agency or any other service or business. For phishing attacks on social media networks, they could also take the form of links in online ads, status updates, tweets and other posts as well.
Facebook has 800 million users worldwide and is one of the most recognizable brands on the planet. Therefore it’s not surprising that spammers and cybercriminals would use Facebook’s good name to try and trick people to open email and to click on things they shouldn’t. This new effort, having the Facebook community report phishing attempts and closely tracking phishing incidents, is a welcome measure.
Unfortunately, opening a phishing email and clicking a link or downloading a document can have unimaginable consequences like data theft and/or having viruses and malware installed on your computer. According to our friends at the Anti-Phishing Working Group (APWG) and their “Phishing Attack Trends Report,” over 25,000 unique phishing email campaigns were documented per month (Jan.-March) during the first quarter of 2012. Such email campaigns can account for thousands or even millions of phishing emails sent each day.
If you’re wondering how to spot a phishing attack, your gut instinct is your best asset here. In our STOP. THINK. CONNECT. campaign (www.stopthinkconnect.org) we have some simple advice: when in doubt, throw it out. In this case, we will modify that a bit to be: when in doubt forward to email@example.com.
You might think that there is no value in forwarding these emails to Facebook. The fact is that security professionals, like the security team at Facebook, can gather a lot of information from these emails that can help shut spammers down or thwart them in the future.
In addition to when in doubt, throw it out, at STOP. THINK. CONNECT. we have some other advice too:
Protecting the Internet ecosystem requires all of us to do our part. Facebook has created an easy way for members of their community to participate in building a safe and trusted Internet.