Spot phishing attempts and avoid becoming a victim

Jun 13, 2014 12:50 GMT

By taking a swing at a social network account and successfully hijacking it, a cybercriminal opens the door to plenty more potential victims.

Facebook is the main target in such cases because it is such an effective platform for sharing information, which allows bad actors to lure a large number of users.

Malware, spam and phishing links directing users to pages serving carefully planted threats are easily distributed from a stolen Facebook account.

As noted by Nadezhda Demidova, Web Content Analyst at Kaspersky Lab, criminals can use the account for financial gains, “such as extorting money from the hijacked account’s friends. The fraudster can send messages asking people to send money for help.”

Other motives include collecting information for launching targeted phishing attacks and even selling the account to other criminals.

Criminals get their hands on a social network account through various methods, ranging from fake notifications, emails sent from a friend's compromised address and forum messages to banners on third-party resources.

In all these cases, the victim can be attracted to phishing pages where they are asked to log into a fake social network; the details are then sent to the attacker. A compromised Facebook account can also be used to direct the friends of the owner to malicious pages.

In the case of fake Facebook messages, one way to notice the phishing attempt is to check in the address bar whether the connection is secure. A green lock is a sign that the page is genuine.

However, on mobile devices, the address bar is often hidden after the page is opened in order to maximize the display area, bringing the user one step closer to becoming a victim.

Information from Kaspersky Security Network shows that in 2013 the anti-phishing heuristic component was triggered by phishing sites imitating social network websites in more than 35% of the cases.

On the same note, compared to other social networks, Facebook accounted for 21.89% of the phishing alarms, while the competition recorded a little more than half of that, 13.50%. In the United States, as many as 7,500 incidents were recorded.

Keeping a vigilant eye on the resources that are accessed is the best way to minimize the phishing risk.

Alarm bells should be ringing when you are asked to enter Facebook credentials into forms other than the official login page, especially if the connection is not secure, or when you are redirected to webpages after clicking on a banner promising juicy content.
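The two signals named above, a secure connection and the official login address, can also be checked on the link itself before it is opened, which helps where the address bar is hidden. The following is an added example, not part of the original article; the function name, the assumption that `facebook.com` and its subdomains are the only official hosts, and the sample links are constructed for illustration.

```javascript
// Added example: inspect a link for the two signals the article names.
// Assumption: facebook.com and its subdomains are the only official hosts.
const OFFICIAL_HOSTS = ["facebook.com"];

function checkLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw); // throws on relative or malformed input
  } catch {
    return { ok: false, reasons: ["not a valid absolute URL"] };
  }
  const reasons = [];
  if (url.protocol !== "https:") {
    reasons.push("connection is not HTTPS");
  }
  // Anything before '@' is user info, not the site being visited.
  if (url.username || url.password) {
    reasons.push("URL embeds user info before the host");
  }
  // URL() lower-cases the host and converts non-ASCII lookalike
  // characters to punycode, so they cannot pass the comparison below.
  const host = url.hostname.replace(/\.$/, "");
  const official = OFFICIAL_HOSTS.some(
    (h) => host === h || host.endsWith("." + h)
  );
  if (!official) {
    reasons.push(`host "${host}" is not an official Facebook host`);
  }
  return { ok: reasons.length === 0, reasons };
}

// Constructed sample links (reserved .example names, not real sites).
const samples = [
  "https://www.facebook.com/login.php",
  "http://www.facebook.com/login.php",
  "https://facebook.com.login-check.example/",
  "https://facebook.com@login.example/",
  "https://notfacebook.com/login",
];
for (const s of samples) {
  const r = checkLoginUrl(s);
  console.log(r.ok ? "OK     " : "SUSPECT", s, r.reasons.join("; "));
}
```

A passing result only means the link points at the expected host over HTTPS; it says nothing about the content of the message that carried it.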

“If suspicious emails and/or notifications start coming from your friend(s), try to contact them: their email or social network account may have been compromised or hijacked. If so, your friend(s) will need to change the password immediately,” notes Demidova.