People usually consider “hackers” to be a very generic sort of bad guy, like how burglars seem to share the same closet and always wear black hats and striped shirts. Hollywood and other forms of media definitely do not help matters, with their unrealistic ideas of what computers can do, from instantly converting a blurry image into an HD masterpiece to their ridiculous portrayal of neon green computer code scrolling super fast on a black background.

The truth is that hackers can interact with you secretly, silently, like online ninjas. Recently, reports surfaced of over 2 million stolen passwords, thanks to hackers secretly installing keylogging software on millions of public computers. Keylogging means recording everything typed into a computer. Even though people were logging directly into their real accounts, the keylogging software (a program running on the computer itself, not on Facebook) was able to capture their login information and send it to the hackers.

Another strategy for accessing your credentials? Phishing. Phishing is when hackers send you a fake email, asking you to log into your account for some reason or other. Many people are fooled by the fake emails. Sometimes they can be incredibly convincing. What can you do to figure out what messages are real and what messages are from phishers?

Here at inConcert, we recently received an email from Facebook that seemed suspicious. The domain of the email address that sent the message was not “facebook.com”, which immediately made me question the legitimacy of the message.

I investigated online and the general consensus is not clear – some say that this is a legitimate email from Facebook and others insist that this is a phishing attempt. So my next step was to use my mouse cursor to hover over the links (NOT click them) to see where those links went. The URL will appear somewhere in your browser. I use Chrome, so it appeared in the bottom left.

 

Because the links in this message all lead to “facebook.com” destinations, I want to conclude that this email is safe, from the official Facebook, and that if I clicked on these links, I wouldn’t be putting my personal information in the wrong hands. However, you can NEVER be too careful. When you receive emails like these, claiming to be from a website and asking you to log into your account, sometimes the safest thing to do is to open a new browser tab or window, go directly to that site, and log in there.

The only exception I can think of would be the confirmation email you might receive when creating any new accounts, asking you to click a link to verify your email address. You should still be careful clicking on any links in those emails and hover over the link to check the URL first.