Facebook's popularity makes it a prime target for hackers and malicious users who try their best to steal account information and data from Facebook users. One of the main attack vectors is the Facebook login itself, which is subject to many different attacks, including phishing and social engineering. All of those attacks aim to steal the user's login information in order to download data and misuse the account.

A common practice, for instance, is to notify all friends of the user whose account was hacked about financial needs of that user, asking them to transfer money to a bank account.

Facebook Phishing

Phishing, which means Password fISHING, is a common form of attack on the Internet. It is usually initiated by email but can also be encountered in chats, messengers, and other programs and services where user interaction is enabled.

Phishing emails are often security related or event related. Security-related phishing emails might inform the user about a new security update that needs to be downloaded by following the link in the email, while event-related phishing might pose as a new friend or chat request.

All have in common that at least some of the links in the email lead to a look-alike Facebook clone that will steal the user's account information if it is entered in the login form on that website. The phishing emails look like they have been sent by Facebook. They use a Facebook email address and often display the Facebook logo to earn additional trust.
One way to spot phishing is to check whether the displayed link leads to Facebook or to another website. This can be done by hovering the mouse over the link (without clicking). The link destination should be displayed in the email client's status bar.
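The same hover check can be automated for an HTML email body. The following is an added example, not part of the original article: it compares each link's real destination host with facebook.com, and the helper names, the trusted-domain constant and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "facebook.com"  # assumption: the only domain treated as genuine


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a href=...> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self._href, self._text = href, []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def is_facebook_host(url):
    """True only for facebook.com itself or a real subdomain of it."""
    # Compare the parsed hostname, never a substring of the whole URL.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)


def suspicious_links(html):
    """Return (href, shown text) for links that do not lead to Facebook."""
    parser = LinkCollector()
    parser.feed(html)
    return [link for link in parser.links if not is_facebook_host(link[0])]


# Constructed sample email body (not a real message).
SAMPLE = """
<a href="http://www.facebook.com.login.example/update">http://www.facebook.com/update</a>
<a href="http://fb-friend-requests.example/confirm">Confirm friend request</a>
<a href="https://www.facebook.com/help">Help Center</a>
"""

if __name__ == "__main__":
    for href, text in suspicious_links(SAMPLE):
        print(f"shown: {text!r} -> goes to: {href}")
```

The first sample link shows why the displayed text cannot be trusted: it reads as a Facebook address, but the host it actually points to only begins with www.facebook.com.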
Anti-Phishing Tips

It is relatively easy to avoid phishing. All that basically needs to be done is to avoid clicking on links in emails, messenger applications, and other programs. You can always visit Facebook directly instead of clicking on those links. Everything that is important enough should be displayed right after you log in on the Facebook homepage directly.

You can also contact support in case you are not sure about the contents of an official-looking email.

Facebook Data

You need to know three parameters for a successful Facebook login:
- Official Facebook login page: http://www.facebook.com/
- Facebook username: can either be one of the registered emails of the Facebook account or the Facebook username
- Facebook password: selected by the user during setup of the email account
The first two parameters are generally known, which shows how important the Facebook password is. We suggest using a very secure password of at least 12 characters that combines upper and lower case letters, numbers and special characters.