Recently we have heard about popular social networking sites, namely Twitter and Facebook, being targeted with a Denial of Service (DoS) attack.
It also appears as though this is not the only threat to the users of these immensely popular sites. Facebook users who allow third-party applications to access their desktops could be at risk from phishing scams.
A rogue application called ‘sex sex sex and more sex!!!’ began sending out notifications over the weekend to its users, of whom more than 287,000 had signed up.
Hyperlinks in the notifications redirected users to a malicious site which then pulled up the real Facebook login site in order to gain the user’s Facebook login details.
Many people use these social networking sites but are unaware of potentially threatening phishing scams.
Phishing is essentially email fraud: emails (or notifications, in the case of Facebook) are sent out that appear to come from legitimate sites such as banks. The sites that you are redirected to will often be set up to look very similar to the actual site itself.
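Because the page you land on can look identical to the real one, the address a link points to is a more reliable signal than the page's appearance. The following is an added example, not part of the original article: it lists every link in a notification whose host is not the expected site or one of its subdomains. The sample notification and all hosts in it are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

EXPECTED = "facebook.com"  # the site the notification claims to come from

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in a notification body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)

def host_belongs_to(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    # Match on a label boundary so "notfacebook.com" does not pass.
    return host == domain or host.endswith("." + domain)

def suspicious_links(html, domain=EXPECTED):
    """Return (href, host) for every link that leaves the expected domain."""
    parser = LinkCollector()
    parser.feed(html)
    flagged = []
    for href in parser.hrefs:
        host = urlsplit(href).hostname
        if host is None:
            continue  # no host: a relative or non-web link
        if not host_belongs_to(host, domain):
            flagged.append((href, host))
    return flagged

# Constructed sample notification; every host below is made up.
SAMPLE = """
<p>You have a new message.
<a href="https://www.facebook.com/inbox">Read it</a>
<a href="http://facebook.com.login.example.net/">Log in</a>
<a href="http://www.facebook.com@203.0.113.7/login.php">Log in</a>
<a href="http://faceb00k.example/login">Log in</a></p>
"""

if __name__ == "__main__":
    for href, host in suspicious_links(SAMPLE):
        print(f"leaves {EXPECTED}: {host}  <- {href}")
```

The second and third sample links contain the text "facebook.com" yet resolve to a different host, which is why the check compares the parsed hostname rather than searching the link for the site's name.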
Typically the aim of phishing is to trick the user into entering personal details, so in the case of a bank this would be login details, personal and financial information and passwords.
Phishing generally uses spam emails sent to thousands of people, in the hope that a few of those thousands will take the bait, so to speak, and enter the information that the scammer is ‘phishing’ for.
Legitimate companies will never email you to request your personal details, so it’s best to be suspicious of any emails that ask you to do so. If you submit this information after following a link, the phisher will be able to access your account and you will be vulnerable to identity theft as well as your money or personal information being stolen.
In order to avoid being caught by one of these phishing scams, you should avoid giving out any confidential information via emails, pop-ups or instant messages. As mentioned previously, a legitimate site such as a bank, PayPal or eBay will never ask you for your details via email.
Many of these emails have bad spelling and grammar, so watch out for this even if the email directs you to somewhere that looks legitimate; after all, a professional organisation wouldn’t send out emails with misspellings.
If you are in doubt, it is best to directly contact the company that the email is supposed to have come from, in order to check whether the request is legitimate.
You can also reduce the risk of phishing emails by keeping your antivirus and firewall software up to date. You can also set up a spam filter on your emails so that only ‘safe’ emails will be delivered to your inbox.