Security experts have warned of a convincing Facebook phishing scam doing the rounds in Australia.
The email, which resembles genuine friend requests, includes the message `Hi, the following person invited you to be their friend on Facebook’ and an invitation to join the social networking site.
Symantec security channel product manager, Robert Pregnell, said the email can be identified as a fake because it has no confirm button and there is no prompt for an email address to sign up to the site.
“At this time we can’t say that this particular email is of a particularly aggressive or high-profile attack,” he said.
Pregnell said the vendor continues seeing samples of these types of phishing emails targeting the popular social networking site everyday as part of attackers’ ongoing activity in trying new tricks and techniques.
“Since these networks allow users to send messages to each other for free, it provides an easy entry point for spammers,” he said.
According to Pregnell, the emails can be stopped by checking the privacy policy and user account settings on the social networking site. He also advised users to have separate passwords for different accounts and regularly update their internet security.
“Have a different password for each online account and stay updated,” he said. “Make sure your antivirus, internet security, operating system and web browser software is up-to-date.”
Pregnell added that antivirus software is not enough protection.
“If you only have free, or even paid, antivirus [programs], it is up to you to stay safe,” he said.
“Multi-layered internet security programs offer additional protection with strong, non-obtrusive firewalls, watching for personal details going out of your computer, and for suspicious behaviour, even by legitimate programs on your computer.”
McAfee Asia Pacific chief technology officer, Michael Sentonas, said the Facebook phishing scam is designed to trick the recipient into going through the login process in order to accept the new friend request.
“For the unsuspecting people that do click on this and submit their login information, they may appear to login as they would normally, however, their credentials are almost always sent to the scammer as well,” he said.
Sentonas said there are other scams doing the rounds at present. These include links to pictures that do not really exist, apps that are malicious, as well as other hoaxes like Facebook shutting down in March.
He said research conducted by McAfee has shown that as much as 85 per cent of emails in some months are spam, including these types of phishing scams.
Follow Hamish Barwick on Twitter: @HamishBarwick
Follow Computerworld Australia on Twitter: @ComputerworldAU