Facebook remains the preferred target for cybercriminals who specialise in stealing social network accounts – according to Kaspersky Lab’s statistics, in Q1 2014 fake sites imitating Facebook accounted for 10.85% of all instances when the heuristic anti-phishing component was triggered. Only fake Yahoo pages sparked more phishing alerts, leaving Facebook the prime target among social networking sites.
Today’s Facebook fakery is a global business, with cybercriminals attacking the site in a variety of languages: English, French, German, Portuguese, Italian, Turkish, Arabic and others.
Unauthorised access to accounts on Facebook or any other social network can be used to spread phishing links or malware. Cybercriminals also use stolen accounts to send spam to the victims’ contact lists, to publish spam on their friends’ walls where it can be seen by other users, or to spread messages asking their friends to send urgent financial assistance.
Hijacked accounts can also be used to collect information on individuals for use in future targeted attacks.
Smartphone or tablet owners who visit social networks from their mobile devices are also at risk of having their personal data stolen. To make matters worse, some mobile browsers hide the address bar while opening the page, which makes it much more difficult for users to spot fake resources.
“Cybercriminals have developed a number of ways to entice their victims to pages with phishing content. They send links to phishing web pages via email or within social networks or in banners placed on third-party resources.
“Fraudsters often lure their victims by promising them ‘interesting content’. When users follow the link provided, they land on a fake login page that contains a standard message asking them to log in before viewing the page. If users don’t become suspicious and enter their credentials, their data will immediately be dispatched to cybercriminals,” says Nadezhda Demidova, Web content analyst at Kaspersky Lab.