Facebook users are being hit with yet another phishing attack. This one arrived as emails in users' inboxes, directing them to visit a link that looked like it was connected to Facebook. Once users arrived, they were greeted with a fake Facebook login page. Those who fell for the deception and provided their login info had it stolen. Experts say the stolen usernames and passwords would most likely be used by the scammers to log into other sites like eBay, PayPal, and online banking services. Scammers do this because they know many people use the same username and password on multiple sites.
“We’re aware of the attack and are already blocking links to these new phishing sites from being shared on Facebook. We’re also cleaning up phony messages and Wall posts and resetting the passwords of affected users,” a spokeswoman from the site said Friday.
If you get such a message in your inbox, delete it, and if you, like many, use the same username and/or password on multiple sites, change them! This is especially important on sites where you do any kind of financial transaction.
Phishing attacks are happening more and more, but simple common sense is all that’s needed to protect yourself. Remember that no legit site will ever ask you for your username and password via email, and any site you do business with will always address you by your name or user name in any email correspondence, not “Dear User.” Also beware of any legit-looking email that’s riddled with bad grammar or spelling errors.
Finally, if you’re still unsure whether an email is legit, simply let your mouse hover (don’t click!) over each link in it and look in the information bar below. No matter how slick an email might look, scammers still can’t hide their malicious URLs. A glance at the info bar will tell you instantly if a URL actually leads to where it says it does!