Want to see who’s viewed your Facebook profile? Then just click here.
The app won’t do what it advertises, but it will steal your username and password. Oh, and it will record everything you type with a key logger, and then send that info to the developer’s email address.
If you’re not familiar with the term phishing, Wikipedia does a pretty good job of summing it up.
Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.
When it comes to cybercrime, attackers have a number of avenues open to them. Researching vulnerabilities and developing exploits is a great way to get your geek on, but let’s face it: it’s easier to just trick people into giving up their username and password.
If you don’t want to fall for this type of attack, make sure you always do the following:
- Avoid clicking on links from people you don’t know. If I get a “security” message from any online service (banking, email, social media… you name it), I never click on the link. Instead, I either google the site or type the URL in directly (if I already know it).
- Hover over the URL and check the destination first. Take this link for example: https://www.facebook.com/. Where do you think it will take you? If you hover over the URL, the comment will tell you Facebook, but look in the lower left-hand corner of your screen for the real destination. Don’t believe me? Click it, and see for yourself.
- Check the URL before you enter your credentials. Think you’re logging into Facebook? Then the URL in the browser should being with https://www.facebook.com/. If it doesn’t, then chances are you’re not logging into Facebook. Simple as that. Oh, and if the URL contains an IP address (something like https://22.214.171.124/), don’t trust it. Play it safe and go the website by its DNS name instead.
And remember, folks: if it sounds too good to be true, it probably is.