Most people nowadays have got themselves into the habit of not trusting every email they receive. We’re constantly reminded that just because something looks like it came from your bank it doesn’t mean it really did. “Don’t click the links!” we’re told – sensible advice.
The trouble is, online scams are like the heads of the Hydra – cut off one and two more will grow back. Which led to a panicked call from a client who was being phished on Facebook.
Phishing is the act of using an official-looking email or message to trick you into thinking you need to enter your secure details into a site pretending to be something it isn’t.
In this case, the message looks like it has been sent from an official Facebook account – “you have violated our advertising terms” they claim. Terrible consequences await you if you do not comply – your Facebook account will be deleted and you will lose everything.
Of course, reading the message closely, the telltale signs are there – usually poor English spelling or grammar, or claims that you have posted something obscene.
But many people are more worried about the warning than the language used, and so will click the link. Again, in this case, the link is obviously not an official Facebook link. Or at least it’s obvious to me – but I deal with this kind of thing all day long!
To the rescue
Being the wonderful chap that I am, I volunteered to log in to our client’s account and check everything was OK.
Partly because I’m always intrigued to find out what the next step is!
Clicking on the link (which you should never do!) I was confronted by a pretty poor impersonation of a Facebook security page, with more warnings of dire consequences, asking for my email address, password and date of birth.
Everything you need to steal someone’s Facebook identity. Especially useful in this case, because they know they will also be able to steal your business’ Facebook page and all those lovely Likes you have spent time cultivating.
No, I didn’t put my details in!
What should I do if I receive a message like this?
1. Do not panic
Take time to read the message and look for giveaways. Is that a real Facebook / Twitter / whatever link you’re being asked to click? Does the message look genuine (spelling, grammar etc.) or does it just look scary?
2. Do not click on the link
Never click on the link in a message; log in to your account directly if you’re still worried. Even if a link looks genuine, hovering over it can often reveal a different address at the bottom of your browser (it’s always a good idea to check this on a computer rather than a tablet / mobile – you’re more easily tricked on a mobile device).
3. If you think you have given away your details, reset your password
Again, go straight to the site by entering facebook.com (or whatever) into your browser and go to change your password.
Never use the same password for Facebook as your email or any other site – if someone “phishes” your details on one site then they automatically have access to everything else if you re-use your passwords.
Passwords are one of the few things in the world where recycling is bad!
4. If you’re still worried
Ask a friendly expert, that’s what we’re here for!