Facebook users hit by password-stealing attack: here's how to stay safe!

The security pros at Sophos Labs and McAfee have noticed a disturbing increase in Facebook phishing attacks lately. Facebook is a juicy target for this type of attack. Why?

For starters, there are 350 million+ users to go after. On top of that, many are less computer-savvy users (like your parents and mine, teenagers, etc.) who may not be familiar with malware and how to protect themselves. Add in the fact that Facebook makes a great, centralized location to steal all kinds of information about you -- and a jumping-off point to steal from your contacts -- and it's easy to see why malware crews would target the site.

Take the jump for more on this particular attack, and how to avoid trouble (be sure to share with your non-techy friends)!

The message reads as follows:
Dear user of facebook ,

Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document.

Your Facebook.

Here are a few clues that this message is (and others like it are) fake:
  • It has an attachment: big, reputable sites like Facebook never send out emails with attachments -- especially not on password or account alerts.
  • It's addressed to "user of facebook": Facebook knows your real name, and they use it when they email you.
  • The tone is too casual: an actual "safety alert" from Facebook would be written in a much stronger tone.
  • It's too short: warnings from popular sites tend to be wordy. Bad guys, on the other hand, are usually lazy and won't bother to write a lengthy message.
  • "facebook" isn't capitalized: that's a stylistic gaffe you'd never see on an official Facebook message.
  • Facebook doesn't email new passwords: when you do a reset, for example, they'll send a random code to your inbox and a link to a form where you can create a new password.
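
The clues above that can be checked mechanically, applied to the quoted message, as an added example that is not part of the original article. The headers, attachment, clue labels and the 60-word length threshold are constructed assumptions; only the message body comes from the article.

```python
import email
import re
from email import policy

# Constructed sample: the body quoted in the article, wrapped in made-up
# headers with a placeholder attachment.
SAMPLE = """\
From: "Facebook" <service@example.invalid>
To: someone@example.invalid
Subject: constructed subject line
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain; charset="utf-8"

Dear user of facebook ,

Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document.

Your Facebook.
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="placeholder.bin"

placeholder
--XX--
"""

GENERIC_GREETING = re.compile(r"^\s*dear\s+(user|member|customer|client)\b", re.I | re.M)

def phishing_clues(raw: str, min_words: int = 60) -> list[str]:
    """Return the article's mechanically checkable clues found in a raw email."""
    msg = email.message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    clues = []
    if any(True for _ in msg.iter_attachments()):
        clues.append("has-attachment")
    if GENERIC_GREETING.search(body):
        clues.append("generic-greeting")
    if len(body.split()) < min_words:  # threshold is an assumption
        clues.append("too-short")
    if re.search(r"\bfacebook\b(?!\.)", body):  # case-sensitive on purpose
        clues.append("brand-not-capitalized")
    if re.search(r"find your new password|your new password is", body, re.I):
        clues.append("password-sent-by-email")
    return clues

if __name__ == "__main__":
    print(phishing_clues(SAMPLE))
```

Each check is a coarse heuristic for triage; the tone clue is left out because it needs a human reader.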
If you've got a good antivirus program and you've kept it up to date, chances are good that the attachment (and the message itself) will be detected. Not sure you're protected? Take a look at our list of free antivirus programs for Windows.

Another helpful download for less experienced users is a link scanner like WOT or AVG's LinkScanner -- both are part of our list of 10+ tools for safe web browsing.

