374 days

Helen A.S. Popkin

Facebook attacks scam spam with new security tools

By now, everyone should have the memo:

The White House isn't sharing photos of Osama bin Laden's bullet-riddled corpse, let alone video — despite all that Facebook spam you may have seen last week promising you otherwise. Curious Facebook users who clicked the link were tricked into manually spamming friends as well, as their own profile, with the same fake info claiming to be straight from the BBC.

It seems those same scammers tried spamming Facebook email boxes with a "security check" that asks users to verify their accounts, reports F-Secure. Those people who fell for the fake verification (not from Facebook) will simply (unknowingly) spam their Facebook friends all over again.

Facebook says it has fixed the hole that let in this virus — a pretty sneaky one, considering the new security safeguards Facebook announced Thursday. The three-part rollout includes "Login Approvals," a partnership with safe-surfing tool Web of Trust, and prompts to make you think twice before clicking on phony offers or cutting and pasting malicious code into your address bar.

Facebook says it's working within the company and with major Web browsers to plug the holes that allow malicious content in the site — but history shows there's always something.Pay attention though, and these new tools can help you keep your profile safe and a little more spam-free.

Spreading spam annoys your Facebook friends. So stop
Clickjacking and tricking users into cutting and pasting malicious code into their address bars are the two big ways spam is spread around Facebook.

Clickjackers trick you into accessing links and/or "Like" buttons by hiding the code underneath content that piques your interest — such as a video of that thing Justin Bieber did to that girl that YOU WON'T BELIEVE. According to Facebook:

Now, when we detect something suspicious, we’ll ask you to confirm your like before posting a story to your profile and your friends’ News Feeds," Facebook explains in its blog. " If you have already clicked on a link resulting in an addition to your "Likes and Interests" section of your profile, you can edit your "Likes and Interests" field by clicking "Edit My Profile" underneath your profile picture. Then, select "Likes and Interests" from the left.

Facebook's new "Self-XSS Protection" is meant to prevent spam spread by users tricked into cutting and pasting malicious code into their address bars. According to the Facebook blog, "Now, when our systems detect that someone has pasted malicious code into the address bar, we will show a challenge to confirm that the person meant to do this as well as provide information on why it’s a bad idea." Facebook's message will look like this:

Web of Trust points out the bad links
As well as the new warning prompts, Facebook has partnered with Web of Trust, a "free safe surfing tool that tells you which websites you can trust based on the ratings supplied by other Web of Trust community members." Click a link that is rated spammy or suspected of malware, and expect to see this:

Login Approvals keeps out the creeps
Login Approvals, a double-authentication system announced last month, guards against someone else logging on to your Facebook account on a different computer or mobile device, even if that person has your password.

If you choose to use it, whenever you log in to Facebook from a new or unrecognized device, we’ll require that you also enter a code we send to your mobile phone via text message. If we see a login attempt from a device you haven’t saved, you'll be notified upon your next login and asked to verify the attempt. If you don’t recognize this login, you'll be able to change your password with the knowledge that while someone else may have known your login credentials, he or she was unable to access your account or cause any harm.

In review, here are some things we can safely assume you won't see via Facebook: Osama bin Laden's body, that video of that thing Justin Bieber did to that girl, what happened when that girl's dad walked in on her, an app that reveals who has been looking at your profile, and an authentic message from Facebook WRITTEN IN CAPS LOCK.

Rest assured, these new security features don't erase reasons to complain about Facebook. They do, however, provide easy-to-understand protections users can easily take advantage of, and if you want to help prevent the spread of spam, make sure your friends know about these new tools, too.

Related:

• Facebook hacker posts stolen pics on porn site
• Facebook photo-tagging scam running rampant
• Facebook's Google smear campaign outed
• Creepy lip-syncing kids guilt moms off Facebook
• 7.5M kids lie to get on Facebook - parents don't care

Helen A.S. Popkin goes blah blah blah about the Internet. Tell her to get a real job on Twitter and/or Facebook.