Facebook has today announced a new way in which it hopes to combat phishing scams targeting its 955 million users.
In a post to its Facebook Security page, the social network has explained that the public can now report Facebook-related phishing emails directly to the company.
All you have to do is forward the phishing email to the following email address:
phish@fb.com
Facebook says in its post that by forwarding the message you are helping combat attacks, and could assist in forcing phishing websites offline:
By providing Facebook with reports, we can investigate and request for browser blacklisting and site takedowns where appropriate. We will then work with our eCrime team to ensure we hold bad actors accountable. Additionally, in some cases, we'll be able to identify victims, and secure their accounts.
They don't say so in their post, but I would imagine that Facebook's security team would appreciate it if you forward any phishing messages you receive *with* the full email headers wherever possible (forwarding the message as an attachment, rather than inline, preserves them), as the headers are what let an investigator work out where an email really came from rather than where it claims to come from.
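To show what those full headers give an investigator that the visible "From" line does not, here is an added example (not code from the original post or from Facebook) that triages a forwarded message: it walks the Received chain oldest-first to find the originating host, compares the Return-Path domain against the From domain, and flags links whose host is not under Facebook's own domains. The sample message, the list of Facebook domains and the "last two labels" notion of a registrable domain are all assumptions made for illustration.

```python
"""Triage a forwarded phishing email from its full headers.

Everything below is an illustration: SAMPLE_EML is a constructed message,
LEGIT_DOMAINS is an assumed allow-list, and registrable() is a crude
last-two-labels approximation (a real tool would use the public suffix list).
"""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample: shaped like a Facebook-branded phish, not a real one.
# Received headers are prepended by each relay, so the TOP one is the newest.
SAMPLE_EML = b"""\
Return-Path: <bounce@mail.example.net>
Received: from mx.example.org (mx.example.org [192.0.2.10])
  by inbound.example.com with ESMTP id abc123
  for <dave@example.com>; Mon, 13 Aug 2012 10:02:11 +0000
Received: from [198.51.100.7] (helo=facebookmail.com)
  by mx.example.org with esmtp id xyz789; Mon, 13 Aug 2012 10:02:09 +0000
From: "Facebook" <notification+dave@facebookmail.com>
To: dave@example.com
Subject: FOR DAVE
Content-Type: text/html

<p>You have a new message. <a href="http://facebook.com.example-login.net/login.php">Log in to Facebook</a></p>
"""

# Assumed allow-list of domains Facebook genuinely sends from / links to.
LEGIT_DOMAINS = ("facebook.com", "facebookmail.com", "fb.com")

RECEIVED_FROM = re.compile(r"from\s+(\S+)(?:\s+\(([^)]*)\))?", re.I)
HREF = re.compile(r'href=["\']?([^"\'\s>]+)', re.I)


def registrable(host):
    """Crude registrable-domain guess: the last two DNS labels."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def is_legit_host(host):
    return registrable(host) in LEGIT_DOMAINS


def received_chain(msg):
    """Return hops oldest-first as (claimed sending host, parenthetical info)."""
    hops = []
    for value in msg.get_all("Received", []):
        unfolded = " ".join(str(value).split())   # collapse header folding
        m = RECEIVED_FROM.search(unfolded)
        if m:
            hops.append((m.group(1), m.group(2) or ""))
    hops.reverse()  # headers are newest-first on the wire
    return hops


def suspicious_links(msg):
    """Every href in the HTML/plain body whose host is outside LEGIT_DOMAINS."""
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    return [u for u in HREF.findall(text)
            if not is_legit_host(urlparse(u).hostname or "")]


def triage(raw):
    """Parse a raw RFC 5322 message and return the facts a reporter wants."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    from_addr = parseaddr(str(msg["From"] or ""))[1]
    return_path = parseaddr(str(msg["Return-Path"] or ""))[1]
    from_dom = from_addr.rsplit("@", 1)[-1]
    rp_dom = return_path.rsplit("@", 1)[-1]
    hops = received_chain(msg)
    links = suspicious_links(msg)

    findings = []
    if rp_dom != from_dom:
        findings.append(f"Return-Path domain {rp_dom} differs from From domain {from_dom}")
    for url in links:
        findings.append(f"link points outside Facebook: {url}")

    return {
        "from": from_addr,
        "return_path": return_path,
        "origin_hop": hops[0][0] if hops else "",  # first relay that touched it
        "hops": hops,
        "suspicious_links": links,
        "findings": findings,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EML).items():
        print(f"{key}: {value}")
```

The oldest Received hop is the most useful line in the report: the From header and the HELO name are whatever the sender typed, but the IP in square brackets was recorded by the receiving relay. Note that only the hops added by relays you trust are reliable; a sender can forge Received lines below the point where the mail entered your provider.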
Of course, regular Naked Security readers would hopefully never click on a link in an unsolicited email purporting to come from Facebook. Or, at the very least, would have some alarm bells ring and be able to tell that they had reached a *fake* Facebook login page.
For a bit of fun, here is a screenshot of a Facebook phishing webpage. Would you and your friends be able to see why this page is clearly bogus?

Find out the answers to that puzzle here.
Oh, and if you have the time, don't forget to learn about how you can explain phishing to your grandma with our free Threatsaurus book.
If you're on Facebook and want to learn more about spam, malware, scams and other threats, you should join the Sophos Facebook page where we have a thriving community of over 180,000 people.
Hat-tip: Naked Security reader Michael Johnson
"955 million users" Is that with or without the 83 million fake profiles?
Maybe JOK3R, they are using 'hits' versus unique visitors :)
I imagine that not only are there fake profiles, many profiles were started and abandoned by people who realized they don't need to be a Facebook member to be popular by sheer number of friends. There are those set up by spammers, shysters, and others of similar ilk.
There are many choices on the Internet where one can expose themselves. FB is just one of them. Just how many of that magic number of members read and heed remains a mystery.
The new Facebook phishing policy seems to apply to your Facebook e-mail or to your regular e-mail. I haven't noticed any phishing e-mail from Facebook in those places. Where most of my phishing scams appear is in my News Feed, not in any e-mails. Other than the usual report post option, I haven't seen the new phish@fb.com option in my News Feed.
Yes, a lot of times scams appear in Facebook itself, not in traditional email, so cannot be forwarded using the same mechanism.
But there are 'traditional' Facebook email phishing scams too.
Hi
I have received an email from a genuine Facebook "friend", that even says FOR DAVE (My name btw). This person has never emailed me before, nor me them, so it could only have come from Facebook?
If I hover over the sender's name, it clearly isn't the actual "friend".
I have since received another such email, same subject FOR DAVE, but from my mother-in-law (or at least disguised as her), who is now crapping herself thinking she has a virus.
Do the Facebook friends have viruses that are allowing this to happen?
Thanks in advance
What would you like to see Facebook Security do next?
Other sites have had phishing forwarding addresses for years. I am pretty upset that it took Facebook this long to get a clue.
Someone is impersonating my friend's accounts both on Facebook and Yahoo. The impersonator has denied my friend access to both accounts. Please, what is the way out? Meanwhile I blocked my friend on Facebook.
It would be nice if they gave us the ability to block/delete/report the property who have pages to build up likes for random crap. It's just blatant spam. Their pages appear as any other personal Page, but if you try to block or delete you get a red error message saying the blocking system is overloaded right now and to try later.
The fake Facebook page is very well done. Aside from the address in the menu bar, the lack of the https tag and the wrong year in the copyright, it is incredibly close to the real thing. Most of us do not spend enough time on the Facebook login page to pay attention to whether it says "Forgotten" or "Forgot" or which items are on the bottom bar.
Just pay attention to the web address in the address bar.
Facebook security??!!?? Is that a joke?? Piece of trash has no security and reporting anything to these fools is a complete waste of time!!! Unless it's going to put cash in Zuckerberg's pockets it will be ignored, period!!!
" I haven't seen the new phish@fb.com option in my News Feed."
I autologin from links, is that wrong? (That is to say, if I get, say, as I did today, a message from Twitter that I got a message, just click here, I copypaste the url into the awesome bar and get logged in automatically.)
Thumbs Up, Sophos ! Love your work.
Maybe Facebook should apologize instead of Blizzard. Hey, what about Google. We can't live without any of them anymore. They all hold the weak or broken locks to all of our lives.