Facebook battles phishing by reaching out to users

In an effort to protect users and curb phishing, the social network gives users a select e-mail address to send reports of the illegal practice.

Dara Kerr Former senior reporter

Most everyone has seen them, those annoying clickable phishing ads in the news feed or posted on friends' Facebook walls: "Get free tickets to Jamaica," "Win a free iPad," or "Friend, I need money urgently."

Phishing has been the bane of Facebook's existence for years, and today it announced that it is making a new attempt to curb the practice. It's launching a select e-mail address, phish@fb.com, where users can send notices of phishing they've seen on the social network.

"By providing Facebook with reports, we can investigate and request for browser blacklisting and site takedowns where appropriate," Facebook wrote in a blog post today. "We will then work with our eCrime team to ensure we hold bad actors accountable. Additionally, in some cases, we'll be able to identify victims, and secure their accounts."

The social network classifies phishing as "any attempt to acquire personal information, such as username, password, or financial information via impersonation or spoofing." Over the years, phishing horror stories have headlined the news as people have been scammed out of thousands of dollars by their "banks" and "friends."

Partnering with the Anti-Phishing Working Group, Facebook outlined these tips to help users be aware of phishers:

  • Be suspicious of any email with urgent requests for login or financial information, and remember, unless the email is digitally signed, you can't be sure it wasn't forged or 'spoofed.'
  • Don't use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic or you don't trust the sender, instead navigate to the website directly.

Facebook has made an effort over the last few months to directly connect with users, especially when it comes to security. The social network announced in June it would be contacting users believed to have computers infected with the DNSChanger virus to help them figure out how to rid their networks of the malware.

As for its efforts to attack phishing, Facebook said that the e-mail address for users is meant to complement its own internal detection system.

"The internal systems notify our team, so we can gather information on the attack, take the phishing sites offline, and notify users," Facebook wrote in today's blog post. "Affected users will be prompted to change their password and provided education to better protect themselves in the future."