Sophos

Facebook spam & scam prevention does the exact opposite :


Every single person on this earth will be having a facebook account rather having a bank account. But now-a-days facebook is getting famous for the numerous spam and scams occurring in it.

If you’re seeing Facebook messages asking you to “do your part in PREVENTING SPAM by VERIFYING YOUR ACCOUNT,” don’t do so – you’d be creating spam, not stopping it!

The messages look something like this:

Usually, however, the click-able links at the bottom of messages on your Wall – highlighted in pink below – should look like this:

The scammers have replaced the “Share” option with a link labelled “== VERIFY MY ACCOUNT ==”. Clicking this not only activates the Share option (which you no longer realise you’re pressing), but also invokes a raft of heavily obfuscated JavaScript from a site in the .info domain. (This site is blocked by the web protection software in Sophos’s endpoint and web gateway products.)

With all the unexpected Sharing going on, this message has spread like wild-fire. Instead of preventing spam, this particular campaign has been generating it at astonishing rates.

The good news is that Facebook seems to have taken some action to prevent the “Share” button being replaced in these messages. Since a few minutes ago, malicious messages appear with no links at all, like this:

The lessons to be learned from this outbreak of spam are as follows:

* Assume that messages which ask you to verify your account by clicking on a link are false. You wouldn’t (I hope) click on links in emails which claimed to come from your bank trying to panic you about your account. That would be a classic phishing scam using a false site to steal your username and password. So don’t trust that sort of link on Facebook, either.

* When you take some action on Facebook which doesn’t deliver what was promised – for example, if you end up Sharing or Liking something you didn’t intend to, or if you click-through to an offer or competition which suddenly morphs into something completely different (a bait-and-switch) – assume you have been tricked. Review the side-effects of your actions. Remove any applications you may trustingly have accepted; unlike things you didn’t mean to like; and delete posts you didn’t intend to make.

* Be wary of unexpected changes to Facebook’s interface for Liking, Commenting, Sharing and so forth. Unfortunately, the nature of social networking sites is that they like to undergo rapid change. Cybercrooks exploit this by assuming that you accept ongoing changes as “part of how things work”. Don’t do so. If you see something different, check with an official source to see if it’s expected or not.

If sufficiently many Facebook users dig their heels in every time Facebook makes a gratuitous or confusing change in its interface, its privacy settings or its feature set, then it’s possible that Facebook will learn to adapt in ways which best suit the privacy and safety of its users, instead of adapting to improve its traffic and benefit its paying customers.

0 CommentsLeave a comment

Facebook Expands Safety & Security Tools


Just a day after security firm Sophos sent Facebook an open letteraddressing privacy issues, Facebook has introduced a suite of new safety features.

While the social network did not satisfy the letter’s requests to make privacy the default, create a vetting process for app developers and turn on HTTPS automatically, it did come through on the promises it made in an announcement at President Obama’s White House Conference on Bullying Prevention last month. Here’s what’s new:

  • Two Factor Authentication: This is a new feature that will be turned off by default. If you turn it on, Facebook will ask you to enter a code anytime you log in from a new device.
  • Improved HTTPS: Facebook added HTTPS support in January, which makes it harder for someone on a public WiFi network to hijack your data. Now if you start using a non-HTTPS application while in HTTPS mode, Facebook will automatically switch you back to HTTPS mode when you’re finished.
  • Expanded Social Reporting Tool: Facebook’s new social reporting tool brings community members into the mix when dealing with bullying or other violations of Facebook’s terms of service. The features allows users to send a private message to the person who posted the offensive content or — if they want to report the content to Facebook — to include trusted authority figures as contacts in the report. Previously, the feature was only included for photos and wall posts. Now it is available on profiles, pages and groups as well.
  • Family Safety Center redesign: Facebook’s safety center got a makeover that highlights the site’s safety philosophy, community, and tools and resources like account settings. As in the previous versions, resources for Parents, Teachers, Teens and Law Enforcement are also highlighted. Facebook wrote on its official blog that it also plans to add a free, downloadable guide for teachers who want to use social media in the classroom. Considering that most schools block Facebook on their computers, we’re curious to see what the guide suggests.

What do you think of Facebook’s safety update? What changes do you think Facebook should make to improve user security and privacy?

1 CommentLeave a comment