Because Facebook is the world’s largest social network and the second most visited website, it should come as no surprise that it sees a lot of phishing and account takeover attempts. Facebook’s Director of Policy Communications, Barry Schnitt, shared some insight into just how large an issue account takeover attempts are, saying that Facebook stops 600,000 unauthorized account login attempts a day in which the fraudster has phished or guessed the account’s password. Facebook has had issues with account takeover before, having been impersonated in many phishing campaigns and having dealt with various malware programs designed to log keystrokes and steal Facebook passwords. Fraudsters take over the accounts and use bots to post malicious links on the pages of all of the victim’s Facebook friends to further spread the malware and collect more passwords.
With several large data breaches involving email addresses and passwords, such as those at Sony’s PlayStation Network and online marketing firm Epsilon, fraudsters are able to use the hacked password and email combinations to gain access to other accounts and send more targeted phishing email campaigns. Furthermore, fraudsters have exploited Facebook using programs like Firesheep to hijack accounts that are currently logged in over open wireless internet connections, as well as other computer and mobile applications designed to sniff out login credentials. To deal with these threats and the large volume of account takeover attempts, Facebook has relied on common fraud tools while also coming up with new and unique techniques. For example, on suspicious login attempts Facebook will require users to identify their friends out of a pool of pictures to verify that it is the true account holder. They are also now trying a system that allows users to nominate a few ‘Trusted Friends’ who can be sent a login code if a fraudster takes over their account and changes their password.
For more information: Hackers attempting to crack 600,000 Facebook accounts every day