Facebook Offers Users a Way to Report Phishing Incidents

Aug 9, 2012 10:49am

We’re thrilled that Facebook, an NCSA Board member company, is continuing the fight against cyberthreats with its launch of phish@fb.com -- a new email address for users to report any phishing attempts that use the Facebook name or brand. Whenever users receive a questionable email appearing to be from Facebook, they can quickly take action and notify the social media company.

If you are on the Internet, it is more than likely that you have gotten an email asking you to click on a link or visit a malicious website that could potentially contain a virus or malware. Cybercriminals have gotten very good at creating email that looks like a mirror image of what one would actually receive from a financial institution, e-commerce site, government agency or any other service or business. On social media networks, phishing attacks can also take the form of links in online ads, status updates, tweets and other posts.

Facebook has 800 million users worldwide and is one of the most recognizable brands on the planet. Therefore it’s not surprising that spammers and cybercriminals would use Facebook’s good name to try to trick people into opening email and clicking on things they shouldn’t. This new effort, having the Facebook community report phishing attempts and closely tracking phishing incidents, is a welcome measure.

Unfortunately, opening a phishing email and clicking a link or downloading a document can have unimaginable consequences like data theft and/or having viruses and malware installed on your computer. According to our friends at the Anti-Phishing Working Group (APWG) and their “Phishing Attack Trends Report,” over 25,000 unique phishing email campaigns were documented per month (Jan.-March) during the first quarter of 2012. Such email campaigns can account for thousands or even millions of phishing emails sent each day.


If you’re wondering how to spot a phishing attack, your gut instinct is your best asset here. In our STOP. THINK. CONNECT. campaign (www.stopthinkconnect.org) we have some simple advice: when in doubt, throw it out. In this case, we will modify that a bit to be: when in doubt, forward to phish@fb.com.

You might think that there is no value in forwarding these emails to Facebook. The fact is that security professionals, like the security team at Facebook, can gather a lot of information from these emails that can help shut spammers down or thwart them in the future.

In addition to when in doubt, throw it out, at STOP. THINK. CONNECT. we have some other advice too:

  • Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true, or ask for personal information.
  • Keep a clean machine. Keep security software current: Having the latest security software, web browser, and operating system is the best defense against viruses, malware, and other online threats.
  • Make passwords long, strong and unique: Combine capital and lowercase letters with numbers and symbols to create a more secure password. Have a different password for each account.
  • Protect all devices that connect to the Internet: Along with computers, smart phones, gaming systems, and other web-enabled devices also need protection from viruses and malware.
  • Try to verify it by contacting the company directly. If you suspect an email is legitimate but are unsure, contact the company using information provided on an account statement, on the back of a credit card or from a website you trust, not information provided in an email. Information about known phishing attacks is available online from groups such as the APWG (www.apwg.com).

Protecting the Internet ecosystem requires all of us to do our part. Facebook has created an easy way for members of their community to participate in building a safe and trusted Internet.