Facebook Messaging to Lure Malware

Facebook's new unified messaging system provides an even bigger lure for hackers and fraudsters, according to web security company Sophos.

The messaging system, unveiled on Monday, is designed to integrate Facebook messages, email and IM chats alongside other non-Facebook messaging services, but this could increase the risk to user privacy, according to Graham Cluley, a senior technology consultant at Sophos.

"Before signing up, users need to realise that these new features increase the attack surface on the Facebook platform, and make personal accounts all the more alluring for cybercriminals to break into," Cluley said in a blog post. "Facebook accounts will now be linked with many more people in the users' social circles, opening up new opportunities for identity fraudsters to launch attacks."

The increasing use of social networking services means that spam delivered via sites such as Facebook is far more effective than traditional email spam, primarily as a result of the perception of increased trust, according to Sophos.

Sophos also warns that with all communications stored in one place, on one website, users need to be more vigilant than ever in ensuring that they only allow applications which they trust to access their data and that passwords are secure.

"Facebook will be storing a complete archive of all of their communications with one person — this raises concerns as to how this data could be misused if it fell into the wrong hands," Cluley continued. "With this in mind, it will be critical for Facebook to implement more effective filtering mechanisms to prevent fraudsters from manipulating Facebook users into falling victim to new spam, scam and phishing attacks."

Facebook has been the target of several privacy and security concerns in the past, such as one that potentially allowed spammers to scrape users' names and photos as a result of a bug on the login page.

In October, BT chief security technology officer Bruce Schneier said that sites like Facebook are eroding customers' privacy in the interest of their advertiser-funded business model.
