The revelation last week by Facebook that 83 million Facebook accounts are fake caught many people off guard (most notably investors). Of those fake accounts, Facebook estimates 14.3 million of them are “undesirable accounts,” naturally leading people to wonder how these undesirable accounts could affect them.
Facebook does a pretty great job of identifying different methods of Facebook spam on their help page, specifically breaking down the different types of scams that a user could be susceptible to. And though security threats have always been around, the escalating sophistication in both method and targeting is troubling. It goes without saying that you should be wary of sharing any personal information, and should check the URL of any page that requests it. There was also some recent information that showed that password length is a determining factor in how difficult passwords are to crack, but as Nicolas Caproni pointed out in a recent PC Mag article, criminals are much more likely to steal your password than crack it.
Facebook spam: Phishing
Phishing is the attempt to acquire personal information by masquerading as a trustworthy entity. Phishing is generally understood to be the most popular form of Facebook spam.
Facebook points out that it will never ask you for your account password, your social security number or tax identification number, or your full credit card number or PIN in an email, or tell you that your account will be suspended unless you take immediate action. Phishers are even starting to replicate Open ID log-in pages (pages that allow you to sign into a site with your Facebook profile).
The Federal Trade Commission has an entire page devoted to phishing. If you receive an email that you believe to be a phishing scheme, you can forward it to Facebook firstname.lastname@example.org or to the FTC email@example.com (or both). And if you’ve been a victim of a phishing scheme, you can file a complaint here. You can also reduce the risk of someone using your profile maliciously by changing your password frequently and by going to facebook.com if you are ever suspicious of a credential request.
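The advice above to check the URL of any page that asks for credentials can be made concrete. The following is an added example, not code from Facebook or the FTC: the function name checkLoginUrl, the TRUSTED_DOMAIN constant and every sample URL are constructed for illustration. It reads the host name from the right, the way a browser does, so that a link which merely contains "facebook.com" somewhere is not mistaken for the real site.

```javascript
// Added example: decide whether a link really points at Facebook before
// typing a password into it. All names and sample URLs are constructed.
const TRUSTED_DOMAIN = "facebook.com";

function checkLoginUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl); // WHATWG URL parser, same rules as browsers
  } catch (err) {
    return { trusted: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { trusted: false, reason: "not served over HTTPS" };
  }
  // Text before "@" is userinfo, not the site being visited.
  if (url.username !== "" || url.password !== "") {
    return { trusted: false, reason: "userinfo before the host name" };
  }
  // The parser lower-cases the host and turns Unicode labels into "xn--".
  const host = url.hostname.replace(/\.$/, "");
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { trusted: false, reason: "internationalized (punycode) host" };
  }
  // Match on a label boundary: the host must BE the domain or end in ".domain".
  if (host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN)) {
    return { trusted: true, reason: "host is " + host };
  }
  return { trusted: false, reason: "host is " + host };
}

// Constructed sample links, using reserved .example names for the lookalikes.
const samples = [
  "https://www.facebook.com/login.php",
  "http://www.facebook.com/login.php",
  "https://facebook.com.login.example/",
  "https://facebook.com@login.example/",
  "https://notfacebook.com/",
  "https://f\u0430cebook.com/", // Cyrillic "a" in place of Latin "a"
];
for (const link of samples) {
  const result = checkLoginUrl(link);
  console.log((result.trusted ? "OK    " : "REJECT") + " " + link + " (" + result.reason + ")");
}
```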
Facebook spam: Adware
Have you ever been tantalized by the promise that an app can show you who has been viewing your posts and pictures? The reason it sounds too good to be true is that it is. It is a form of spam called “adware” that exploits your permission to run ads from your Facebook account. Facebook identifies the following websites as known users of this Facebook spam technique:
Facebook spam: Malicious Scripts, Clickjacking and Malware
Facebook identifies three other types of scams found on their platform: malicious scripts, clickjacking and malware.
Malicious scripts are pieces of text that you are asked to copy and paste into your browser’s address bar with the promise of an insight or special return. What they will actually do when run is Like pages that you don’t endorse. The bad news about these scripts is that the only remedy Facebook suggests is to manually “Un-Like” the offending pages.
Clickjacking is when you click a link on a third-party site only to have it run a script that posts something to your Facebook page or Likes an unwanted page. The only way to defend against this type of Facebook spam is not to click untrusted links. And the only way to fix it is to manually remove posts or Likes from your profile.
The only malware that Facebook identifies as Facebook spam is Koobface. Facebook says: “Koobface is a computer worm…. (which) spreads on Facebook by posting spammy messages on behalf of people.” Symantec describes Koobface like this:
Koobface spreads primarily through social networking sites as links to videos. When a user visits the website that is hosting the video, they are prompted to download a video codec or other necessary update, which is actually a copy of the worm.
To identify and defend against Koobface, people should keep their anti-virus software up to date and run regular updates, enable a firewall and keep computer software up to date. It should also be mentioned that this is only a threat for PCs, not Macs.
Also worth noting when discussing security-related issues: Facebook recently rolled out their Malware Checkpoint and Anti-Virus Marketplace, offering free or freemium anti-virus and malware protection to fight Facebook spam.
As we transition to an increasingly social and increasingly mobile online presence, it’s important to understand what threats are out there and how to protect ourselves from Facebook spam and other online maladies.