Facebook users hit by password-stealing attack: here's how to stay safe!
For starters, there are 350 million+ users to go after. On top of that, many are less computer-savvy users (like your parents and mine, teenagers, etc.) who may not be familiar with malware and how to protect themselves. Add in the fact that Facebook makes a great, centralized location to steal all kinds of information about you -- and a jumping-off point to steal from your contacts -- and it's easy to see why malware crews would target the site.
Take the jump for more on this particular attack, and how to avoid trouble (be sure to share with your non-techy friends)!
The message reads as follows:
Dear user of facebook ,
Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document.
Here are a few clues that this message is (and others like it are) fake:
- It has an attachment: big, reputable sites like Facebook never send out emails with attachments -- especially not on password or account alerts.
- It's addressed to "user of facebook": Facebook knows your real name, and they use it when they email you.
- The tone is too casual: an actual "safety alert" from Facebook would be written in a much stronger tone.
- It's too short: warnings from popular sites tend to be wordy. Bad guys, on the other hand, are usually lazy and won't bother to write a lengthy message.
- "facebook" isn't capitalized: that's a stylistic gaffe you'd never see on an official Facebook message.
- Facebook doesn't email new passwords: when you do a reset, for example, they'll send a random code to your inbox and a link to a form where you can create a new password.
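The machine-checkable clues from the list above can be turned into a simple mail-filter heuristic. This is an added example, not code from the original article; the sample message is constructed from the quoted text, and the `min_words` threshold, the greeting word list and the placeholder addresses are assumptions.

```python
import re
from email import message_from_string

# Constructed sample modelled on the message quoted in the article.
SAMPLE = """\
From: "Facebook" <sender@example.invalid>
Subject: constructed subject
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Dear user of facebook ,
Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="placeholder.bin"

placeholder
--b1--
"""

def body_text(msg):
    """Join the text/plain parts that are not attachments."""
    return "\n".join(
        p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
        for p in msg.walk()
        if p.get_content_type() == "text/plain" and p.get_content_disposition() != "attachment"
    )

def clues(raw, brand="Facebook", min_words=60):
    """Return the article's warning signs found in a raw RFC 822 message."""
    msg = message_from_string(raw)
    text = body_text(msg)
    found = []
    if any(p.get_content_disposition() == "attachment" for p in msg.walk()):
        found.append("attachment")
    if re.search(r"^\s*dear\s+(user|customer|member|client)\b", text, re.I | re.M):
        found.append("generic-greeting")
    # Lower-case brand name in running text; skip hostnames such as facebook.com.
    if re.search(rf"\b{re.escape(brand.lower())}\b(?!\.\w)", text):
        found.append("brand-not-capitalized")
    if len(text.split()) < min_words:  # assumed threshold for "too short"
        found.append("too-short")
    if re.search(r"new password.{0,40}attach", text, re.I | re.S):
        found.append("password-in-attachment")
    return found
```

Tone is not something a few regular expressions can judge, so that clue is left to the reader; the others are heuristics that raise suspicion rather than prove a message is fake.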
Another helpful download for less experienced users is a link scanner like WOT or AVG's LinkScanner -- both are part of our list of 10+ tools for safe web browsing.