Cybercriminals have made social media their target. They have been infiltrating social networking sites and creating phishing emails that the average user would not suspect to be malicious.
But what is a phishing email? Chances are, you’ve probably seen some of these fraudulent emails. They are disguised as a message from a legitimate company, but designed to trick individuals into revealing personal information: account usernames, passwords, credit card details, bank account numbers or anything you wouldn’t readily share with a stranger.
Emails posing as notifications from popular social networks like Facebook, LinkedIn and Twitter have been successful at fooling users into thinking the request for an update is from a legitimate source.
A recent Facebook swindle made its way into mailboxes by pretending to be a photo notification email. The email encouraged users to view their photos as an attachment. After clicking the infected link, users didn’t see the photo – instead, they were prompted to open a ZIP file containing a new strain of malware, Troj/Agent-XNN, which gave hackers an opportunity to gain control over their PC.
A LinkedIn security breach in June resulted in 6.5 million user accounts and passwords being published on a Russian website. Emails were sent out inviting users to click on a link to update their passwords. The link redirected users to a malicious site that installed malware onto their computers.
Phishing emails have become more sophisticated in recent years. They more accurately replicate the layout, design, and voice of messages from well-known sources. You can still outsmart the cybercriminals by watching for a few key characteristics of phishing emails.
How To Identify A Phishing Email
- Look at the greeting. Legitimate sites will address you by your name or username when sending you a notice or notification by email.
- Legitimate companies use proper English. Watch for typos and bad grammar – marketing teams would be embarrassed to send out an email with errors.
- Pay attention to the subject line. If it is overdramatic (“urgent” or “important notice”), a criminal may be trying too hard to convince you it could be from a real source.
- Look at the design carefully. Familiar-looking logos or images are not necessarily genuine.
- Watch the link destination. Any phrase, image or characters can be a link – just because the text reads as a legitimate URL does not mean it goes to that location. If you’re not sure, type the URL into the browser rather than clicking the link.
How To Protect Your Social Media Accounts From Phishing
Creating and using a strong password can help prevent cybercriminals from infiltrating your accounts, as long as you use different passwords for each account. If you fall victim to a phishing attack and use the same password everywhere, you put yourself at risk of having multiple accounts compromised.
When planning your next unique password, try some of the following tips to transform it into a password that is more difficult to guess.
- Length: Make your passwords long with eight or more characters.
- Complexity: Include letters, punctuation, symbols and numbers. Use letters from across the keyboard – not all from the same area. The greater variety of characters in your password, the more secure it becomes.
- Variety: Change your password often and set a reminder for yourself to change it every 90 days, and don’t use the same password for everything.
October 22, 2012 at 2:48 pm
I think creating and using a strong password doesn’t prevent us from phishing,
but nice share 🙂