Daily cyber threats and internet security news: network security, online safety and latest security alerts
September 15th, 2008

New Security Warning Feature Added On Facebook

Facebook’s security team has introduced a new security related warning feature that alerts users about potentially malicious third-party websites they are about to visit. Facebook is persistently under attacks from phishers and malware authors who look for creative ways to efficiently exploit Facebook’s huge users base.

New Facebook feature is adding a warning message to links it suspects of being spam or phishing. The message states: “You are about to leave Facebook to visit this address. For the safety and privacy of your Facebook account, remember to never enter your password unless you’re on the real Facebook web site”.

The new feature should slow down ongoing malicious campaigns and make the user think twice before clicking further. Just last August, several worms used Facebook to propagate and infect users. This security improvement arrives just in time, since Trend Micro recently stumbled upon another Facebook phishing site, one of few thousands, probably. The page looks very similar to the actual Facebook login page and asks users to log into their accounts by entering their email addresses and passwords. After providing the required information, users are led to the legitimate Facebook site, tricking them into thinking that their account information is still safe from malicious users, when in fact it was already stolen.

The theft happens when users enter their account credentials on the fake Facebook page. The details written on the fields are logged, and are in turn used by the people behind this operation for different purposes. Email accounts may be used in sending spam to one’s contacts, for example. Leading users to the actual Facebook page after they have entered their account information is a trick to prevent users from discovering the theft.

Facebook, with many other popular social networking sites, is being targeted for fraud purposes, in addition to different malware infection tactics. It would be even more secure if it could integrate freely available blacklists of malicious and phishing sites (such as Google’s Safe Browsing Diagnostic, SiteAdvisor, Phishtank) and implement some URL shortening that would highlight the original domain in order to expose a phishing email.

Share this item with others:

More on CyberInsecure:
  • Facebook Users Can Be Forced Into Liking Arbitrary Pages Through Clickjacking
  • Facebook Album Privacy Exploit
  • Facebook And Myspace Are Being Link Spammed
  • Old Facebook Worm Using New Ways To Spread By Abusing Google Reader And Picasa Websites
  • Facebook Bug Allowed Chats To Be Eavesdropped

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: New Security Warning Feature Added On Facebook

    One Response to “New Security Warning Feature Added On Facebook”

    1. grant john matthews Says:
      January 26th, 2009 at 9:20 pm

      I cannot see the words below or the text box.I only have windows 98!!

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.