Facebook Phishing

Last week, McAfee blogged about a Facebook password reset scam that could have affected millions of users.  If you've recently moved some of your marketing efforts to Facebook, this might concern you.  What do you say to your CEO if he asks why you're using such an insecure platform?  How do you help your internal Facebook users deal with the security breach?  Will your prospects continue to trust your fan page?

A question of security

Phishing, the process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication, happens today on the social web.  There's no sign that it will be going away any time soon, and even the best e-mail security programs sometimes let phishing e-mails slip through.  These kinds of attacks happen to banks, credit card companies, shopping websites, and social media sites every day, and phishing emails are looking more and more like the real thing.

So what do you tell your CEO when he asks why you're using a tool that can be phished?  Well, this is a nice time to access your IT resources.  The folks from IT can provide the backup you might need when you tell your CEO that phishing is very common and even the best, most secure sites become victims of scams like this.  You can also point out that, now that Facebook has more traffic than Google, you can't afford not to be there.

Did you take the bait?

Hopefully, no one from your department or company clicked through one of those emails, but even the best of us sometimes get phished.  What do you do?

  • Reset your password.  Go directly to the website itself, go to your settings, and reset your password (do not pass Go, do not collect $200).  Ideally, use a complex password containing letters, numbers, and punctuation.  Do NOT use the same password for all of your different accounts.  (Here's a post with great tips on managing your online passwords.)
  • Report it.  Unless you already know that the scam has been reported to the site, make sure that you immediately report that you've been phished.
  • React.  Make sure that your company or department is aware that there has been a phishing attack on one of your officially sanctioned social media sites, and give them explicit instructions on what to do next (change password, etc.).

What about trust?

When a scam breaks, it's great to let people know that you have it handled.  Just like Facebook itself let people know about the scam, you could post to your wall that you're aware of the scam and that you've taken appropriate security measures to make sure your own fan page hasn't been hacked.  Don't be tempted to sweep things like this under the rug.  Remember that transparency breeds trust, and react appropriately.


Going forward, the best defense is a good offense.  Make sure that you have a plan in place (and have educated people about it) that addresses phishing and other kinds of online scams.  Make sure folks can recognize a phishing email and know what to do immediately if they accidentally take the bait.  

You can't let phishing or Internet scams scare you away from using social media marketing, but you can react intelligently to them.  By addressing security concerns quickly and transparently, you can stop the bad guys from thwarting your efforts.



Originally published Mar 23, 2010 11:42:00 AM, updated July 28 2017

