
May 07, 2020

Beware Phishing on Facebook


I got the message above which said it came from a person (blacked out) who really is a friend on Facebook and otherwise. I clicked on it to see what video I might or might not be in. A new page opened in my browser which looked like it came from FB. It said the video required additional verification and asked me for my email address and FB password. Stupidly I gave these even though a quick look at the URL would've told me the page didn't come from FB and a closer look at the message would've told me this friend would never have used such bad grammar. The page that then came up was an ad for a direct marketing company - no video. But I think that page was just meant to make me think I clicked on a come-on and forget about it.

In fact I'd been hooked by the phish. I had just given my FB credentials to someone who can use them for who knows what and certainly would use them to phish for my friends' credentials by sending messages from my account. There is a black market on the Internet for stolen credentials. I came to my senses within five minutes and changed my FB password. Fortunately, I only used that password with FB.

It is possible that a highly efficient bot phished my friends before I got the password changed. If you got something strange from me, DON'T click on any link, please accept my apology, and also let me know.

Quick lessons:

1) Once you've logged into FB, do not give your login credentials again. The one exception is that FB will ask you for your old password when you are changing to a new one.
2) Don't assume a message comes from the friend it says it came from and don't click on any links in a message unless you're sure that it actually came from your friend.
3) If you're sending a message with a link to a friend, tailor the message with something personal to give the friend some assurance it is from you.

BTW, email phishing is very similar. I wrote about it at https://blog.tomevslin.com/2006/02/dont_be_a_phish.html. Too bad I didn't follow my own advice.
