According to online security firm Kaspersky Lab, Facebook is the number one most-targeted social media site by cybercriminals, and the second most-targeted website overall. 

The reason for that is simple: phishing scams. Facebook is full of fake pages that direct users with malicious links and messages. These links then point users to websites that often look like the real deal, but are instead fake log-ins designed to coerce users to give up their personal information. According to Kaspersky’s research, fake Facebook pages account for a full 11 percent of instances where heuristic anti-phishing measures are triggered on the web.

“Cybercriminals have developed a number of ways to entice their victims to pages with phishing content,” said Nadezhda Demidova, a web content analyst at Kaspersky Lab. “They send links to phishing web pages via email, within social networks or in banners placed on third-party resources. Fraudsters often lure their victims by promising them ‘interesting content.’”

Thankfully, it’s fairly easy for users to avoid falling prey to such scams. As Demidova points out, Facebook never asks users to enter their personal information in an email, so if you receive a notification from the site asking for your info, it’s likely a fake. Similarly, don’t enter your email address or passwords on any website that you don’t absolutely trust — especially if you arrived there from a phishy-seeming Facebook link.