If you are like me, you have your social media accounts like LinkedIn and Facebook set to send you an email message when you receive a notification or message on the website. For example, a new friend request from Facebook would appear as an email in my Gmail account.
Included in these email messages are links back to the social media site to view the request.
My Tip: Don’t click on those links!
While you could first analyze the link to make sure it is a legitimate message, you are better off simply logging into the social media site and viewing the original message on the site itself, especially if you don’t know who the message is from. But even if you do know the person, it is best to check the website to make sure that the message is real.
But why? Because email addresses are easy to get, and links (which a lot of people click) are easy to fake. Clicking a malicious link could take you to a page that LOOKS like the Facebook logon page, but it isn’t. And once you’ve entered your password on the fake site, you’ve just given the thief access to your friends’ accounts to send additional messages or worse. This post shows just what can happen when your password is compromised.
These kinds of “hacks” have been around for a while and are commonly known as “phishing” attacks. PayPal and online bank accounts have been targets of phishing attacks in the past. Here’s a recent example from the Epsilon data breach. Today, hackers are going after accounts that you may not think are as valuable. But if someone can sign into Facebook as you, then they can conduct identity theft and other malicious activities in your good name.
For some additional reading see the following articles: