Thursday 14 July, 2011

Phishing Scam

WHAT IS PHISHING?

A phishing scam is when someone fraudulently and illegally imitates a trustworthy source to steal usernames, passwords, credit card info, etc.

Phishing does not only arrive through e-mail; it can also come through wall posts, Facebook messages, and Facebook chat.
...

HOW TO RECOVER

If you think you have had your account compromised, immediately change your Facebook password at
https://www.facebook.com/editaccount.php

Also, report the scam to Facebook by sending an e-mail to privacy@facebook.com


HOW TO AVOID BEING SCAMMED

Before entering any sensitive information like usernames or passwords, make sure you are on facebook.com and not a similar, but different domain.

Read the Facebook blog for suggestions and what they're doing to help:
http://blog.new.facebook.com/blog.php?post=25844207130


HOW TO RECOGNIZE A PHISHING WEBSITE

It is easy to make a domain name (and thus a URL, or web address) look legitimate when it is fraudulent. The only part of a domain name that is unique to the owner is the part immediately before the .com or .org, etc. So anything that ends with facebook.com (like ilstu.facebook.com, or photos-d.ak.facebook.com), with no single forward slash (/) to the left of it, is legitimately Facebook.

A website can include the term "facebook" before the domain in something called a subdomain. For instance, an address like this looks moderately legitimate: facebook.com.profile.php.id.335781.com. But a closer look reveals that the domain is actually 335781.com. The rest of the terms are subdomains. So always check the domain before you share personal info. For more on the anatomy of URLs (web addresses), take a look at the images in this group's photo gallery below.
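
The same check written as code, as an added example that is not part of the original post: it pulls the host out of an address, reports the domain that actually owns it, and accepts only facebook.com or its subdomains. The function names are made up for this sketch, and the last sample address is constructed from the post's own example domain.

```python
from urllib.parse import urlsplit

TRUSTED = "facebook.com"  # the domain the post tells readers to look for

def host_of(url):
    """Host part of an address, lower-cased, or None if there is none."""
    parts = urlsplit(url)
    if not parts.netloc:
        # Bare addresses ("ilstu.facebook.com") have no "//", so add it.
        parts = urlsplit("//" + url)
    host = parts.hostname  # drops port, path and query; lower-cases
    return host.rstrip(".") if host else None

def is_trusted(url, trusted=TRUSTED):
    """True only for the trusted domain itself or a subdomain of it."""
    host = host_of(url)
    if not host:
        return False
    # Match on a label boundary: a plain endswith(trusted) would also
    # accept a different domain whose name merely ends in the same letters.
    return host == trusted or host.endswith("." + trusted)

def owner_domain(url):
    """Last two labels of the host: the part 'immediately before the .com'.
    Assumption: a single-label suffix (.com, .org) as in the post's examples;
    suffixes such as .co.uk need the Public Suffix List instead."""
    host = host_of(url)
    return ".".join(host.split(".")[-2:]) if host else None

# Addresses quoted in the post, plus one constructed case (marked).
SAMPLES = [
    "https://www.facebook.com/editaccount.php",
    "ilstu.facebook.com",
    "photos-d.ak.facebook.com",
    "facebook.com.profile.php.id.335781.com",
    "http://335781.com/facebook.com/login.php",  # constructed: name only in the path
]

def report(urls=SAMPLES):
    """(address, owning domain, trusted?) for each address."""
    return [(u, owner_domain(u), is_trusted(u)) for u in urls]

if __name__ == "__main__":
    for url, domain, ok in report():
        print(f"{'OK ' if ok else 'NOT'}  {str(domain):<14} {url}")
```

The last two samples come out as not trusted: in both, "facebook.com" appears in the address, but the host belongs to 335781.com.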


FREQUENTLY ASKED QUESTIONS

1) Why would someone want to steal Facebook e-mails and passwords? If a phisher steals your profile, they have access to the trust of all of your friends, which can lead to manipulation (called "social engineering" - see the "London scam" below). Phishers may also attempt to use your password on other online accounts associated with your e-mail address.

2) Why is it so urgent that word gets out about this? Imagine this scenario: The scam starts with one person who has 300 friends, so it gets sent to 300 people. Even if only 1% of people fall for it, 3 more account logins have been collected and compromised. The next day, wall posts are sent out from 3 accounts to a total of 900 people. 9 more people fall for it, and the total of compromised accounts is 13. If this trend continues daily, by the end of the week, over 300,000 people have come into contact with the scam, and the phishers have unauthorized access to over 3,000 Facebook accounts. By day 14, over 2 million Facebook profiles have been compromised. This can spread like wildfire if people are unaware of the scam.