Scammers are spreading phishing attacks and other scams on Facebook and other social networks.
Facebook scammers began spreading a cross-site scripting attack last weekend, luring victims with a link leading to a phony Facebook “dislike” button. Experts are warning users of the social network not to click the link if they value their privacy and security, no matter how many things they dislike.
“The thing is, because it can download further code from the Web and run it, the nature of the threat can change at any time,” said Cluley in an interview with SearchSecurity.com. “Normally it would point people to a survey scam, ultimately.”
Attacks focusing on social networks have grown in frequency over the years as the networks have grown larger. Microsoft’s Security Intelligence Report found that phishing impressions on social networking sites increased from 8.3% in January 2010 to 84.5% of impressions by December.
“We get more reports from people concerned about scams on Facebook than any other kind of internet threat,” Cluley said.
Cluley attributed the increase in attacks to the immaturity of the Facebook platform and said Facebook is not doing enough to stamp out these spam campaigns. While financial institutions have sophisticated security teams and their online banking users are more protective of their accounts, Facebook is an easier mark for attackers because it has “600 million users, many of whom are fairly naïve regarding security matters and are only too keen to click on a link offering them a sexy video or a dislike button and deal with the consequences later,” Cluley said.
Cluley puts the onus of preventing these kinds of attacks largely on Facebook, saying the company should be scanning links in ways similar to Hotmail and Gmail and taking action against survey companies that exploit its systems. He also thinks Facebook should be educating users about the dangers of what they are clicking.
“I think Facebook has grown so huge and been such a phenomenal success that it’s going to be around to stay, but I do think they would serve their community better if they took security more seriously and made it more of a priority,” Cluley said. “I’m not predicting the end of Facebook by any means … we’d like Facebook to look after users better.”
For its part, Facebook says it has begun rolling out new security features. The social network said it would warn users about suspicious links before they are duped by clickjacking and cross-site scripting attacks. Facebook will ask users for confirmation before they “like” a news item, which posts it to their friends’ News Feeds, and will request confirmation before they click a suspicious link. The social network also has a Facebook security page on which it is attempting to educate users about various social networking threats.