Facebook Introduces Phishing Reporting Service

Facebook has announced fresh protections for its users, allowing them to report cases of phishing attempting to dupe users out of their login details.

There are many fake Facebook sites, which look convincing enough to make users think they are the real thing. Other phishing attempts see attackers send emails claiming to be from Facebook, directing them to fake sites and prompting them to give away personal data.

But if users can tell the difference between the real and the fake Facebook, they can now report them to phish@fb.com, Facebook said yesterday.

Catching some phish

“By providing Facebook with reports, we can investigate and request for browser blacklisting and site takedowns where appropriate,” Facebook said in a blog post. “We will then work with our eCrime team to ensure we hold bad actors accountable. Additionally, in some cases, we’ll be able to identify victims, and secure their accounts.

“This new reporting channel will compliment internal systems we have in place to detect phishing sites attempting to steal Facebook user login information.  The internal systems notify our team, so we can gather information on the attack, take the phishing sites offline, and notify users.”

Last year, Facebook started offering bug bounties, paying researchers for finding flaws on the website. According to Bloomberg, it is set to widen the programme to offer rewards for those who find flaws in its internal systems, rather than just its customer-facing assets.

Facebook should expect more attacks now it has welcomed a real-money gambling app onto the website, according to one security expert. This week, the first ever real-money gambling app for Facebook – Bingo Friendzy – was announced.

But by having real money being bet on the site, Facebook can expect to be targeted by more concerted hacking efforts, said Paul Lawrence, vice president for international operations at Corero Network Security.

“There is no doubt that Facebook has security in place, but by adding gambling to their site they have effectively monetised the reasons for attackers to target the site,” Lawrence told TechWeekEurope.

Are you a security pro? Try our quiz!