Reader “Jeremy M” has got in touch with an amusing example of an attempted attack that has been seen on Facebook.
Here is what the suspicious Facebook message from “Mark Zukcemberng” says:
Dear Facebook user,
After reviewing your page activity, it was determined that you were in violation of our Terms of Service. Your account might be permanently suspended.
If you think this is a mistake, please verify your account on the link below. This would indicate that your Page does not have a violation on our Terms of Service. We will immediately review your account activity, and we will notify you again via email.
Verify your account at the link below:
Thanks for being part of Facebook Community.
In this particular case, someone has cutely responded:
Lol, that’s cute. Learn to spell Zuckerberg properly and then your phishing attempt will be a tiny bit more credible.
But if you weren’t being cautious, you might click on Zukcemberng’s link and not realise that you were being taken to a third-party app accessible via Facebook’s site.
And at the end of a long day, or if you awoke with bleary eyes after a night on the tiles, you might not think twice about following the webpage’s request that you enter your Facebook login details.
A moment’s carelessness can lead to your Facebook account being compromised, and hackers having access to your private messages, your profile and any pages you might administer.
I hope for your sake that you weren’t also using that same password for other online accounts - such as your web email or PayPal account.
To better protect yourself against attacks like this, don’t forget that Facebook offers two-factor authentication through Login Approvals, which sends a confirmation message to your mobile phone whenever it sees an attempt to log into your account from an unknown device.
By the way, there’s a reason that the phisher isn’t using a profile with the identical spelling of the famous Facebook founder’s name - Facebook won’t let you! “Mark Zuckerberg” is one of Facebook’s banned names that it won’t let you use when you create an account, even if it is your real name.
Of course, if you were to contact Facebook with a copy of your passport or a scanned driving license, maybe they would acquiesce. But then, if you’re going to go to all that effort, maybe you would find your life less painful if you simply changed your name by deed poll.