October is National Cyber Security Awareness Month, a reminder that we should always be conscious of our online environment and of attempts to gain access to our data and accounts.

I just had a friend on Twitter (@Randall_Lind) send me a question and this picture from a chat message he received earlier today.  I have blacked out some of the info because I do not want anyone heading to their Facebook page or the link they sent in the message.


As you look at this chat message you can see that they are using what appears to be an official Facebook Security icon in an attempt to lend credibility to their message. They are also referring to the main Facebook Security page at http://www.facebook.com/Security which, if clicked on, would lead to the real page and add another element of validity to the message. Once you arrive at the real page you will then connect their logo with the official logo, which is another attempt by the fake account to gain your trust and make itself look valid.

However, if you take a closer look at the message itself you can start to identify this as a scam/phishing attempt.

First off, the flow of the text is disjointed and seems rushed, with some of the sentences seeming incomplete. Read that first sentence again: it seems that they are calling their own policies annoying or insulting Facebook users. Punctuation in the short second paragraph is also incorrect, with the word Please capitalized after the comma. If you saw the link I blacked out, it does not even include Facebook in the domain name and ends with another country's designation. They also did not make it a live (clickable) link because otherwise Facebook's message system would have wanted to highlight it, and that would have been problematic.

So there were enough issues with this message that it should prompt you to ask first and click later (if at all).
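The link checks described above can be automated; the following is an added example, not part of the original post, that judges each link in a message by its own hostname so that a genuine facebook.com link does not vouch for a second, unrelated one. The sample message, the `example.xx` host and the choice of `facebook.com` as the only trusted domain are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only domain accepted as genuinely Facebook's.
TRUSTED_DOMAIN = "facebook.com"

# Finds links with or without a scheme, so plain-text (non-clickable) links count too.
LINK_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

# Constructed sample message; "xx" stands in for a real two-letter country code.
SAMPLE = (
    "Facebook Security: your account was reported for violating our policies. "
    "See http://www.facebook.com/Security for details. "
    "To keep your account, Please confirm at confirm-account.example.xx/login today."
)

def host_of(link):
    """Return the lower-cased hostname of a link, adding a scheme if it has none."""
    if "://" not in link:
        link = "http://" + link
    return (urlsplit(link).hostname or "").lower()

def review_links(message):
    """Judge every link on its own host; return a list of (host, reasons)."""
    results = []
    for link in LINK_RE.findall(message):
        host = host_of(link.rstrip(".,;:)"))
        reasons = []
        if host != TRUSTED_DOMAIN and not host.endswith("." + TRUSTED_DOMAIN):
            reasons.append("not a " + TRUSTED_DOMAIN + " address")
            if len(host.rsplit(".", 1)[-1]) == 2:
                reasons.append("ends in a two-letter country code")
        results.append((host, reasons))
    return results

def is_suspicious(message):
    """One flagged link is enough; a genuine link elsewhere does not offset it."""
    return any(reasons for _, reasons in review_links(message))

if __name__ == "__main__":
    for host, reasons in review_links(SAMPLE):
        print(host, "->", "; ".join(reasons) or "ok")
```

Comparing against the end of the hostname, rather than searching for the word "facebook" anywhere in the link, also catches hosts such as `facebook.com.example.xx` that merely start with the trusted name.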

These same thoughts can be applied to many situations where there might be a phishing attempt.

Remember to Stop, Think and Connect.