Facebook remains cybercriminals' favorite social networking site

MANILA, Philippines - Facebook remains the preferred target for cybercriminals who specialize in stealing social network accounts.

Based on Kaspersky Lab’s statistics in the first quarter of 2014, fake sites imitating Facebook accounted for 10.85% of all instances when the heuristic Anti-phishing component was triggered.

Kaspersky's statistics showed only fake Yahoo pages sparked more phishing alerts, leaving Facebook the prime target among social networking sites.

It said that Facebook fakery is a global business, with cybercriminals attacking the site in a variety of languages including English, French, German, Portuguese, Italian, Turkish and Arabic.

Kaspersky said unauthorized access to Facebook accounts or any other social network can be used to spread phishing links or malware.

It added that cybercriminals also use stolen accounts to send spam to the victims’ contact lists and publish spam on their friends’ walls where it can be seen by other users, or to spread messages asking their friends to send urgent financial assistance.

"Hijacked accounts can also be used to collect information on individuals for use in future targeted attacks," the secure content developer said. "Smartphone or tablet owners who visit social networks from their mobile devices are also at risk of having their personal data stolen."

Nadeszhda Demidova, Kaspersky's web content analyst, said that cybercriminals have developed several way of luring their victims into pages with phishing content by sending links to phishing web pages via email or through social networks.

“Fraudsters often lure their victims by promising them ‘interesting content’. When users follow the link provided, they land on a fake login page that contains a standard message asking them to log in before viewing the page. If users don’t become suspicious and enter their credentials, their data will immediately be dispatched to cybercriminals,” added Demidova.

Kaspersky advices Facebook users:

• If you receive an email notification from Facebook or a message that your account may be blocked, never enter your credentials in a form attached to that message. Facebook never asks users to enter their password in an email or to send a password via email.
• Place the cursor on the link and check if it leads to the official Facebook page. Moreover, you should manually type the Facebook URL into the address bar – cybercriminals are capable of concealing the addresses to which they are leading you.
• When you have manually entered the URL in the address bar, check it again after the page has loaded to make sure it has not been spoofed.
• Remember that Facebook uses the HTTPS protocol to transmit data. The absence of a secure connection probably means that you are visiting a fraudulent site even if the URL address seems to be correct.