Today, Facebook announces the launch of firstname.lastname@example.org, an email address available to the public to report phishing attempts against Facebook. Phishing is any attempt to acquire personal information, such as a username, password, or financial information, via impersonation or spoofing.
With these reports, Facebook can investigate and request browser blacklisting and site takedowns where appropriate. In some cases, Facebook will be able to identify victims and secure their accounts.
You might ask yourself how to spot suspected phishing emails. Facebook's partners at the Anti-Phishing Working Group have put together some helpful tips to avoid being deceived by these messages:
1. Be suspicious of any email with urgent requests for login or financial information, and remember: unless the email is digitally signed, you can’t be sure it wasn’t forged or ‘spoofed’.
2. Don’t use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic or you don’t trust the sender. Instead, navigate to the website directly.
This new reporting channel will complement the internal systems Facebook has in place to detect phishing sites attempting to steal Facebook user login information. The internal systems will notify the Facebook team so that they can gather information on the attack, take the phishing sites offline, and notify users. Affected users will be prompted to change their password and provided with education to better protect themselves in the future.