INDIA: Did you know that popular social networking pages like Facebook, LinkedIn were frequently faked by cybercriminals to try and steal personal data via phishing attacks? Reports suggest that fake Facebook sites alone accounted for 60% of social network phishing in early 2018.
Kaspersky Lab’s report suggests that in Q1 2018, Facebook also led the social network phishing category, followed by VK – a Russian online social networking service and LinkedIn. Facebook was also one of the top three targets for phishing overall, followed by Microsoft and PayPal.
The reason for this is likely to be the worldwide 2.13 billion active monthly Facebook users, including those who log in to unknown apps using their Facebook credentials, thereby granting access to their accounts. This makes unwary Facebook users a profitable target for cybercriminals carrying out phishing attacks.
What is social network phishing and how to avoid becoming a prey to it
Social network phishing is a form of cybercrime that involves the theft of personal data from a victim’s social network account. The fraudster creates a copy of a social networking website (such as a fake Facebook page), and tries to lure unsuspecting victims to it, forcing them to give up their personal data – such as their name, password, credit card number, PIN code, and more – in the process.
Cybercriminals are constantly searching for new methods to hit users, so it’s important to be aware of fraudster techniques to avoid becoming the next target. So what users need to do in order to protect themselves from phishing? Here's what Kaspersky Lab experts advise:
-Always check the link address and even better, don’t click the link, but type it into your browser’s address line instead.
-Before clicking any link, check if the link address shown, is the same as the actual hyperlink (the real address the link will take you to) – this can be checked by hovering your mouse over the link.
-Only use a secure connection, especially when you visit sensitive websites. As a minimum precaution, do not use unknown or public Wi-Fi without a password protection. For maximum protection, use VPN solutions that encrypt your traffic. And remember: if you are using an insecure connection, cybercriminals can invisibly redirect you to phishing pages.
-Check the HTTPS connection and domain name when you open a webpage. This is especially important when you are using websites which contain sensitive data – such as sites for online banking, online shops, email, social media sites etc.
-Never share your sensitive data, such as logins and passwords, bank card data etc., with a third party. Official companies will never ask for such data.