Facebook security essentials: Avoiding phishing and scams

Facebook’s mission is to give people the power to build community and bring the world closer together – be it connecting with friends and family, supporting their favourite local business, or building community around the passions, causes, experiences and moments that mean the most to them.

Facebook recognises that people need to be able to trust the connections they make on Facebook, and want everyone to feel safe when using Facebook. That’s why it has various tools and features at everyone’s disposal to make their accounts more secure. Facebook also works hard developing, implementing, and updating its policies to prevent inauthentic behaviour and circumvent actions from profiles and pages with malicious and misleading intent.

In Sri Lanka, the importance of online safety is generally understood, but when it comes to daily implementation, the picture is different. A recent study of Sri Lankan internet users paints a different picture. 

A 2018 study conducted by the Sri Lanka Computer Emergency Readiness Team Coordination Centre (Sri Lanka CERT), an organisation that looks at the latest threats and vulnerabilities affecting computer systems and studies, outlines that the number of cybersecurity related incidents reported to Sri Lanka CERT rose from 71 to 222 from 2010 to 2017. Social media related incidents increased from 1,100 in 2012 to 3,685 in 2017. 

Reported incidents of phishing rose 19% between 2012 and 2017, while abuse and privacy related incidents rose nearly 28% during the same period, the study shows.  

Another survey conducted by Sri Lanka CERT found that, astonishingly, 50% of respondents were unaware of how to identify an email scam – the ability to verify whether an email attachment is safe to open.

On Facebook, community groups admins, business page owners, journalists, creators, and other prominent profiles should make account security their utmost priority as they can be targeted by malicious actors who want access to contacts and sensitive information. Here are essential Facebook tips to avoid phishing and scams – the oldest types of cyber-attacks.

What is phishing?

Phishing is when someone tries to get access to your Facebook account by sending you a suspicious message or link. Phishing takes many forms including emails, social media profiles, posts and messages or fake websites. Typically, a ‘phisher’ will claim to be from a reputable company or pretend to be someone you know in an effort to get you to give up a password or credit card number, and other personal information. If they get into your account, they may use your account to send spam.

How do I avoid getting phished?

Look out for suspicious emails or messages: Emails from Facebook about your account always come from fb.com, facebook.com or facebookmail.com. You can always visit www.facebook.com or open your Facebook app to check for important messages from Facebook. Don’t trust messages demanding money, offering gifts or threatening to delete or ban your Facebook account.

Never reveal your login details: Facebook will never ask for your password in an email or send you a password as an attachment. Never reveal your login information to anyone.

Don’t click suspicious links: If you get a suspicious email or message or see a Post claiming to be from Facebook, don’t click any links or attachments.

Pro tip: If the link is suspicious, you’ll see the name or URL at the top of the page in red with a red triangle.

Don’t respond to these emails: Don’t answer messages asking for your password, social security number, or credit card information.

Take action and report to Facebook: If an email or Facebook message looks strange, report it to [email protected]. If you want to report a conversation, remember to take a screenshot before you delete it. Keep in mind that this won’t delete the message from the other party’s inbox. Report Link is the best way to report abusive content or spam on Facebook. The Report link appears near the content itself.

Use extra security features: Get alerts about unrecognised logins and turn on two-factor authentication to increase your account security.

To protect yourself from scammers and phishers, always pay attention to extra ‘warning signs’ that may indicate that you are being targeted by a malicious actor.

Most of the common phishing tactics prey on human emotions in an attempt to mislead. Scammers will often pretend to be someone you know and ask you for help and money. They sometimes disguise themselves as your friends or relatives, and pretend to be in an emergency situation.

Some scammers will sends you romantic messages in the hope of quickly earning your trust. But beware, the end game is to eventually convince you to send them money, or reveal your personal information.

Another tactic is to send you are message directing you to a page to claim a prize. To claim your ‘prize’ you’ll need to pay a membership or joining fee or share your personal details. Like many phishing messages, these often come with misspellings and poor grammar. If you look carefully, they can also have forged links

I think I’ve been phished. What can I do?

If you accidentally entered your username or password into a strange link, someone else might be able to log in to your account. Remain calm and try the following things:

If you are still able to log in to your account, secure it by resetting your password and logging out of any devices you don’t own.

If you can’t get into your account and your username or password don’t work, use recover your account tool.

Check if anything strange has been happening to your account, review recent activity and check recent emails sent by Facebook.

If you feel you were the victim of a crime, please contact your local police department. And if you have mistakenly given your credit card details, immediately inform your bank or credit card company, and also make sure you report the person or account to Facebook.

For additional resources and information on account security, visit: https://www.facebook.com/help/