Phishing attacks from inside Facebook have fallen back from the historic peak of 2013 but still constitute 1 in 10 of all attacks of this type blocked by Kaspersky's security software, the firm has reported.
The firm's latest analysis compares the figures for Q1 2014, which show blocks running at just under 11 percent, putting it behind Yahoo, now the main source. That compares with the Facebook average of 22 percent of blocks for the whole of 2013, which means blocks have halved since last year.
The volume of attacks for users running Kaspersky was now around 20,000 per day, with a one-week surge in early 2014 reaching 120,000 per day. This sounds small next to the 1.2 billion Facebook accounts but this is only one security firm's measurement - anyone using another security product or nothing at all will obviously not show up.
As it happens, most blocks - up to 7,500 - happened in the US, followed distantly by Germany and Canada; Russia barely reached the 1,000 per day level although we should factor in the number of users Kaspersky has in each of these markets as well as Facebook's relative popularity.
It is also the case that users in some countries are more or less likely to follow a suspect link, triggering the protection. According to Kaspersky, around one in five users in India (as a percentage of its user base there) followed Facebook phishing links, compared to one in ten in the US and an extraordinarily low one or two in a hundred in Russia.
As has been the case for some time, most phishing messages come from bogus accounts set up by criminals, sometimes containing threats that accounts will be blocked if users don't enter their credentials. Compromised user accounts are another tactic, which makes them incredibly difficult to filter.
"Fraudsters often lure their victims by promising them interesting content. When users follow the link provided, they land on a fake login page that contains a standard message asking them to log in before viewing the page," said Kaspersky Lab web content analyst, Nadezhda Demidova.
"If users don't become suspicious and enter their credentials, their data will immediately be dispatched to cybercriminals."
The pattern of targeting social networks is long-established but Facebook remains top of the list because once inside its virtual walls, users quickly seem to become permissive about what they will click on. It's also a global platform so criminals can re-use the same strategies and tricks over and over.
Facebook has tried to fight back, only a week ago passing information to police in Greece who arrested two individuals accused of being involved with the Lecpetex Litecoin botnet spamming campaign. This is only one of a clutch that target the social media site.