Facebook users everywhere are being warned about a new scam hitting the social network, to add to the ever-increasing list of things to watch out for on the site.
This latest ruse is a phishing attempt in the form of a private message informing the user that their profile violates the network’s policies on annoying or insulting behaviour, and will be deleted within 24 hours unless the account is re-verified. The message contains a link which leads to a page like this:
Notice the field asking for the first 6 digits of your credit or debit card, which you’re asked for again on another page:
You’re also asked for your webmail details. Armed with all this information, scammers can hijack your account and send further phishing messages to everyone on your friends list, your email contacts and more.
You can read about more Facebook-related scams at www.hoax-slayer.com.
It’s not just Facebook users at risk of falling victim to phishing. If you use Twitter you’ve probably had a message like this:
Clicking the link will invariably lead to what looks like the Twitter login page, and unthinkingly you enter your details again… Whoops! The scammers now have your details and can get up to all kinds of mischief with them.
This works partly because the link in the message is what’s called a ‘short URL’, which cloaks the actual URL of the page. I clicked this link hoping to get a screenshot of the site it leads to, but it came up with a DNS error. However, I could see that the URL it led to was “itwitterl.com/” – someone who just glanced at this would probably just see the ‘twitter’ part and think nothing of it.
And it’s not just the typical social network users who get targeted by phishers. As a player of an MMORPG called World of Warcraft I have had more than my fair share of phishing emails claiming to be from Blizzard (the company who creates the game), attempting to get my account details.
The emails typically contain a warning that my account is under suspicion of ‘illegal’ activity such as gold-selling (which is against Blizzard’s policies), and a threat of account deletion unless I verify my details. The link given appears to be a Battle.net link (Blizzard’s official domain) and leads to what looks like the real Battle.net login page. You can guess the rest! Read the full story at lifeofwarcraft.wordpress.com.
Why do scammers do this, you might ask? Well, a Warcraft account is an extremely valuable commodity. It can be sold for real cash, used to ‘farm’ in-game materials and currency which can themselves be sold for real cash and, because WoW is a subscription game, used to gain personal information such as bank details.
And that is essentially what all phishers are after – your personal and bank details. With them they can commit identity fraud, get access to goods and services under your name, spend your money or take out credit cards in your name, getting you into all kinds of trouble and debt.
To remain safe, don’t click on the link within an email even if it looks like it’s genuinely from your bank or other trusted source. Instead, manually navigate to the site it’s meant to go to and see if there’s anything there. If not, it’s pretty safe to assume the email’s a fake.
You can also spot a fake in most cases by hovering over the link in the email. The actual address will be displayed in the lower left corner of your browser, and it’s unlikely that it will be the one you expect!
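The two checks described in this article (reading the real address behind a link, and not being fooled by a name such as itwitterl.com) can be written as a short Python script. This is an added example, not part of the original article; the TRUSTED list and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allowlist of genuine domains for the brands this article mentions.
TRUSTED = {"facebook.com", "twitter.com", "battle.net"}

def is_trusted(host):
    """True only for a trusted domain itself or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def brands_in(text):
    """Trusted domains whose brand label (e.g. 'twitter') occurs in text."""
    return {d for d in TRUSTED if d.split(".")[0] in text.lower()}

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in a message."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html):
    """Return (real host, reason) for each link that should not be trusted."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        host = (urlsplit(href).hostname or "").lower()
        if not host or is_trusted(host):
            continue  # no web address to judge, or a genuine domain
        if brands_in(host):
            findings.append((host, "lookalike domain"))
        elif brands_in(text):
            findings.append((host, "text names a trusted site, link goes elsewhere"))
    return findings

# Constructed sample message body (not a real phishing email).
SAMPLE = """<a href="http://itwitterl.com/">Log in to Twitter</a>
<a href="http://account-check.example/login">https://us.battle.net/login</a>
<a href="https://www.facebook.com/help">Facebook Help</a>"""
```

A short URL tells this check nothing about where the link ends up, so the same test has to be applied to the address it finally resolves to.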