Phishing used as ‘red herring’ by IT department

Posted on March 20, 2010
Credit: HowStuffWorks.com

This week I was speaking to a potential client who said their IT department was resisting use of Facebook for marketing purposes (and blocking it via the firewall) because, horror of horrors, there was a phishing scam going around.

This snoozy bit of non-news is classic fear-mongering by the IT “wizards in the dungeon,” a real red herring argument to scare the marketing department off the social web.

Here’s what Facebook security had to say on their blog: “There’s another spoofed email going around that claims to be from Facebook and asks you to open an attachment to receive a new password. This email is fake. Delete it from your inbox, and warn your friends. Remember that Facebook will never send you a new password in an attachment.”

For the uninitiated, phishing is simply a message from “the bad guys” that is an attempt to trick you into thinking a fake site is real. You click a link in the message, log in, and in so doing give away your username and password. From Wikipedia: “In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.”

It generally comes in the form of an email (although more recently as Facebook and Twitter messages too), often with poor spelling and grammar.

Yes, there are phishing scams related to Facebook, and online banking, and your email blast system, and any other conceivable site you might care to mention. Phishing is old news and easily avoided.

Here are several indicators that should get your “Spidey-sense” tingling:

  • You got an email or message from someone you don’t know asking you to click a link
  • You got an email or message from a service you use asking you to click a link to update your account, or log in and do something
  • You got an email or message from someone you don’t know with an attachment
  • You got an email or message from someone you do know that has a vague or weird reference (like “HAHA, is this you?”, a recent Twitter scam) and asks you to open an attachment or click a link

There are more tips at www.antiphishing.org, but you get the idea – weird emails or messages asking you to do something should set off alarm bells, and the greatest vulnerability is our propensity to just click and open things out of curiosity or habit.

Microsoft’s Online Security site (Microsoft.com/protect) has a list of suspicious phrases that should also make you think twice about clicking, opening, or responding:

  • “Verify your account.”
  • “You have won the lottery.”
  • “If you don’t respond within 48 hours, your account will be closed.”
  • “Click the link below to gain access to your account.”

Finally, anything mentioning Nigerian Royalty can generally be dismissed as a scam, unless you’re Nigerian and of Royal blood.

The web is a wild and sometimes dangerous place, but so is the world. A few precautions and a dose of common sense are all that’s needed to prevent infections, hacks, and identity theft. Next time Lord Voldemort the evil IT wizard casts a spell on your marketing program, hex him with a few curses of your own!

As usual, send me your feedback on Twitter at @dblacombe or via e-mail at doug@communicatto.com.

Doug Lacombe is president of communicatto.com, a digital marketing, investor and public relations agency.
