Facebook remains the number one social media target for cyber criminals, security firm Kaspersky Lab has warned.
A regular ruse used by cyber criminals is to set up fake versions of popular websites. Users are then tricked into visiting them via malicious links within spam emails that suggest they need to send their login details across in an email.
While Yahoo profile pages remain the top target for cyber criminals, Kaspersky research shows that fake Facebook pages account for 11 per cent of instances where a heuristic anti-phishing component was triggered. That makes Facebook the most targeted social media platform and the second most targeted website overall for cyber criminals attempting to steal user details.
Hijacked Facebook accounts can be used by cyber criminals in a variety of ways. They can be used to steal personal information about the user - potentially giving criminals access to bank accounts, especially if the user has the same password for multiple online accounts.
Alternatively, hacked accounts can be used to trick other contacts into giving up personal details that can be used for future attacks, or used to post spam links onto friends' profile pages.
"Cybercriminals have developed a number of ways to entice their victims to pages with phishing content," said Nadezhda Demidova, web content analyst at Kaspersky Lab.
"They send links to phishing web pages via email, within social networks or in banners placed on third-party resources. Fraudsters often lure their victims by promising them 'interesting content'," she continued.
"When users follow the link provided, they land on a fake login page that contains a standard message asking them to log in before viewing the page. If users don't become suspicious and enter their credentials, their data will immediately be dispatched to cybercriminals," Demidova added.
Kaspersky has issued some advice to Facebook users on how they can avoid having their details stolen in this way. The advice includes never responding to email notifications from Facebook which ask for details, because "Facebook never asks users to enter their password in an email or to send a password via email".