Security Bytes

May 17 2011   1:43PM GMT

Facebook scam prompts call for more social networking safeguards



Posted by: ITKE

Scammers are spreading phishing attacks and other scams on Facebook and other social networks.

By Ryan Cloutier, Contributor

Facebook scammers began spreading a cross-site scripting attack last weekend, luring victims with a link leading to a phony Facebook “dislike” button. Experts are warning users of the social network not to click the link if they value their privacy and security, no matter how many things they dislike.

The link is fraudulent. There is no official “dislike” button, and despite outcries and support from Facebook users the world over, “there likely never will be,” writes Graham Cluley on Sophos Security’s Naked Security blog. Clicking the “enable dislike button” link that accompanies the scam message will not have the desired result. Instead, it will spread the link to other users in the victim’s friend list and run hidden JavaScript.

“The thing is, because it can download further code from the Web and run it, the nature of the threat can change at any time,” said Cluley in an interview with SearchSecurity.com. “Normally it would point people to a survey scam, ultimately.”

Attacks focusing on social networks have grown in frequency over the years as the networks grow larger. Microsoft’s Security Intelligence Report found that phishing impressions on social networking sites increased from 8.3% in January 2010 to 84.5% of impressions by December.

“We get more reports from people concerned about scams on Facebook than any other kind of internet threat,” Cluley said.

Cluley suggested the increase in attacks is due to the immaturity of the Facebook platform, and thus Facebook is not doing enough to stamp out these spam campaigns. While financial institutions have sophisticated security teams and their online banking users are more protective of their accounts, Facebook is an easier mark for attackers because it has “600 million users, many of whom are fairly naïve regarding security matters and are only too keen to click on a link offering them a sexy video or a dislike button and deal with the consequences later,” Cluley said.

Cluley puts the onus of preventing these kinds of attacks largely on Facebook, saying it should be scanning links in ways similar to Hotmail and Gmail and taking action against survey companies that exploit its systems. He also thinks Facebook should be educating users about the dangers of what they are clicking.

“I think Facebook has grown so huge and been such a phenomenal success that it’s going to be around to stay, but I do think they would serve their community better if they took security more seriously and made it more of a priority,” Cluley said. “I’m not predicting the end of Facebook by any means … we’d like Facebook to look after users better.”

For its part, Facebook says it began rolling out new security features. The social network said it would warn users about suspicious links before they are duped by clickjacking and cross-site scripting attacks. Facebook will ask users for confirmation before they “like” a news item, which posts it to their friends’ News Feeds, and will request confirmation before they click a suspicious link. The social network also has a Facebook security page on which it is attempting to educate users about various social networking threats.
