This week, you may have heard about some new phishing websites that were created to look identical to authentic Facebook pages. Phishing is common across the Internet, but the security team at Facebook has been working to halt the spread of these latest malicious sites.
The fake sites, like the one below, use a URL that closely resembles facebook.com in an attempt to steal people's login information. The people behind these websites, known as "phishers," then use the stolen credentials to access victims' accounts and send messages to their friends, further propagating the illegitimate sites. In some instances, the phishers make money by exploiting the personal information they've obtained.
When the latest phishing incident surfaced on Wednesday, we quickly blocked the fake links from being shared on Facebook to stop their spread. We've been removing these links from Walls and Inboxes across the site and resetting passwords for any of the compromised accounts we detect. This foils the bad guys, because the login information they collect will no longer work.
Since phishing is an Internet-wide issue, we also work closely with others in the online security industry to combat these threats. For example, when we find a new phishing site, we send the information to MarkMonitor, a company that adds these phony sites to blacklists. If you've ever visited a website and seen a red warning page indicating that it was a "Web Forgery," you've probably seen their work. They also get the fake websites taken down by the internet service providers (ISPs) and hosting companies that serve them. This is what happened with one of the phishing sites involved in the most recent attack. Together, we've responded to over 1,400 phishing sites, including over 240 since the beginning of this year.
In addition to working with others, we're always improving our own systems. We monitor unusual activity on Facebook to detect threats and protect people on the site. For instance, when someone posts to their friends' Walls at a much higher rate than usual, we flag the account as potentially compromised. Similar to online banking websites, we take a lot of precautions around your login. If we suspect that your account has been compromised, we ask for additional information to confirm your identity.
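The rate-based check described above, as an added example that is not Facebook's own code: it scans a constructed log of wall-post events, finds the largest number of distinct friends each account posted to inside any one-hour window, and flags accounts whose peak is far above an assumed per-account baseline. The event data, the baseline rates, and the threshold multiplier are all hypothetical.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events, one per wall post: (ISO timestamp, poster, recipient).
# "alice" posts to twelve different friends in twelve minutes (typical of a hijacked
# account spreading a phishing link); "bob" makes two ordinary posts an hour apart.
SAMPLE_EVENTS = [
    (f"2009-05-14T10:{m:02d}:00", "alice", f"friend{m}") for m in range(12)
] + [
    ("2009-05-14T10:05:00", "bob", "alice"),
    ("2009-05-14T11:30:00", "bob", "dave"),
]

# Assumed baseline: each account's usual number of wall posts per hour (hypothetical).
BASELINE = {"alice": 1.0, "bob": 2.0}


def peak_window_fanout(events, window=timedelta(hours=1)):
    """For each poster, the max number of *distinct* recipients reached within any window.

    Counting distinct recipients rather than raw posts means a long back-and-forth
    with one friend does not look like a mass mailing.
    """
    by_poster = defaultdict(list)
    for ts, poster, recipient in events:
        by_poster[poster].append((datetime.fromisoformat(ts), recipient))

    peaks = {}
    for poster, posts in by_poster.items():
        posts.sort()
        recent = deque()          # posts inside the sliding window
        best = 0
        for t, recipient in posts:
            recent.append((t, recipient))
            # drop posts that fell out of the window ending at t
            while recent and t - recent[0][0] >= window:
                recent.popleft()
            best = max(best, len({r for _, r in recent}))
        peaks[poster] = best
    return peaks


def flag_compromised(events, baseline, multiplier=5.0, min_posts=10):
    """Accounts whose peak fan-out is both large in absolute terms and far above baseline.

    The absolute floor (min_posts) keeps a normally quiet account from being flagged
    for a handful of posts; the multiplier catches accounts that are busy but not
    unusually so. Both numbers are assumed, not Facebook's real thresholds.
    """
    peaks = peak_window_fanout(events)
    return sorted(
        poster for poster, peak in peaks.items()
        if peak >= min_posts and peak > multiplier * baseline.get(poster, 1.0)
    )


if __name__ == "__main__":
    print(peak_window_fanout(SAMPLE_EVENTS))
    print("flagged:", flag_compromised(SAMPLE_EVENTS, BASELINE))
```

In a real deployment the flag would feed the identity re-check described in the text (extra verification before the account may post again), not an automatic lockout, since legitimate bursts such as birthday greetings will occasionally trip a rate heuristic.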
How you can help
To combat these threats, we need your help, too. Protect yourself by always following a few key rules of thumb when you're online:
- Use an up-to-date browser that features an anti-phishing blacklist. Some examples include Internet Explorer 8 or Firefox 3.0.10.
- Use unique logins and passwords for each of the websites you use.
- Check the address bar to see that you're logging in from a legitimate Facebook page on the facebook.com domain: the host name should be facebook.com or end in ".facebook.com", not something like facebook.com.other-site.com.
- Be cautious of any message, post or link you find on Facebook that looks suspicious or requires an additional login.
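The domain check in the list above, carried out in code as an added example (not part of the original post): it extracts the host name a browser would actually connect to and accepts only facebook.com or a subdomain of it, so that the usual phishing tricks (facebook.com as a subdomain of the attacker's site, a look-alike spelling, a "facebook.com@" user-info prefix, a homograph) are rejected. The sample URLs are constructed and use reserved example addresses.

```python
from urllib.parse import urlsplit

LEGITIMATE_DOMAIN = "facebook.com"


def connected_host(url):
    """The host a browser would connect to for this URL, normalised.

    urlsplit().hostname already discards any user:pass@ prefix and port, which is
    what defeats the "www.facebook.com@attacker" trick: the text before '@' is
    user-info, and the real host is what follows it.
    """
    host = urlsplit(url).hostname
    if not host:
        return None
    return host.rstrip(".").lower()


def is_legitimate_login_url(url, domain=LEGITIMATE_DOMAIN):
    """True only if the host is exactly `domain` or a subdomain of it.

    Matching on the label boundary ("." + domain) is what makes the difference
    between login.facebook.com (genuine) and facebook.com.example (a subdomain of
    example, which the attacker controls).
    """
    host = connected_host(url)
    if host is None:
        return False
    return host == domain or host.endswith("." + domain)


# Constructed sample URLs: the first two are genuine-looking, the rest imitate
# common phishing patterns. 203.0.113.5 and .example are reserved for documentation.
SAMPLE_URLS = [
    "https://www.facebook.com/login.php",              # genuine
    "http://login.facebook.com/",                      # genuine subdomain
    "http://facebook.com.login-secure.example/",       # real host is login-secure.example
    "http://www.facebook.com@203.0.113.5/",            # user-info trick; host is the IP
    "http://www.faceb00k.com/",                        # look-alike spelling (zeros)
    "http://myfacebook.com/",                          # shares a suffix, not a label
    "http://www.f\u0430cebook.com/",                   # Cyrillic 'a' homograph
]


def classify(urls):
    """Map each URL to (connected host, verdict) for display or logging."""
    return {u: (connected_host(u), is_legitimate_login_url(u)) for u in urls}


if __name__ == "__main__":
    for url, (host, ok) in classify(SAMPLE_URLS).items():
        print(f"{'OK  ' if ok else 'FAKE'} {host!s:40} {url}")
```

The check deliberately looks only at the host, because that is what the address-bar advice in the list asks you to verify; a full client would also insist on https and a valid certificate for the login page.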
Ryan, an incident response manager on the security team at Facebook, is fishing for phishers.