Facebook stands as the soft – target for cybercriminals who major in stealing social networking accounts: as stated by Kaspersky Lab’s statistics, in Q1 2014 fake sites replicating Facebook accounted for 10.85% of all instances when the heuristic Anti-phishing component was triggered.

Here it’s seen that only fake Yahoo pages ignited more phishing alerts, leaving Facebook as the prime target among social networking sites.

Today’s Facebook fakery exists as a global business, with cybercriminals attacking the site in a range of languages as, viz: English, followed by French, German, Portuguese, Italian, Turkish, Arabic among others.

Unsanctioned access to accounts in Facebook or for that matter; any other social network can be used to spread phishing links or malware.

Cybercriminals and their fraternity also make use of stolen accounts to send spam to the victims’ contact lists and publish spam on their friends’ walls where it can be seen by other users, or to be able to spread messages requesting their friends to send urgent financial assistance. Also, Hijacked accounts can be used to collect information on individuals for use in future targeted attacks.

Smartphone or tablet owners who visit social networks from their mobile devices also stand at a risk of having their personal data stolen. To add to the drama ensuing, some mobile browsers hide the address bar while opening the page, which makes it much more hard for users to spot fake resources.

“Cybercriminals have developed a number of ways to entice their victims to pages with phishing content. They send links to phishing web pages via email or within social networks or in banners placed on third-party resources. Fraudsters often lure their victims by promising them ‘interesting content’. When users follow the link provided, they land on a fake login page that contains a standard message asking them to log in before viewing the page. If users don’t become suspicious and enter their credentials, their data will immediately be dispatched to cybercriminals,” alleged Nadezhda Demidova, Web Content Analyst, Kaspersky Lab.

Expert advice in this regard –

• If you get an email notification from Facebook or a message that your account may be blocked, never enter your credentials in a form attached to that message. A word of caution here, Facebook never asks users to enter their password in an email or to send a password via email.
• Place the cursor on the link and check if it leads to the official Facebook page. Furthermore, you should manually type the Facebook URL into the address bar – cybercriminals are clever enough at concealing the very addresses to which they are leading you.
• When you have manually entered the URL in the address bar, do take the pains of checking it again once the page has loaded to be able to make sure that it has not been spoofed.
• Remember that Facebook from its part makes use of the HTTPS protocol to transmit data. The absence of a secure connection probably means that you are visiting a fraudulent site even if the URL address seems to be correct.