New Security Warning Feature Added On Facebook
Facebook’s security team has introduced a new security-related warning feature that alerts users about potentially malicious third-party websites they are about to visit. Facebook is persistently under attack from phishers and malware authors who look for creative ways to efficiently exploit Facebook’s huge user base.
The new feature adds a warning message to links that Facebook suspects of being spam or phishing. The message states: “You are about to leave Facebook to visit this address. For the safety and privacy of your Facebook account, remember to never enter your password unless you’re on the real Facebook web site”.
The new feature should slow down ongoing malicious campaigns and make the user think twice before clicking further. Just last August, several worms used Facebook to propagate and infect users. This security improvement arrives just in time, since Trend Micro recently stumbled upon another Facebook phishing site, probably one of a few thousand. The page looks very similar to the actual Facebook login page and asks users to log into their accounts by entering their email addresses and passwords. After providing the required information, users are led to the legitimate Facebook site, which tricks them into thinking that their account information is still safe from malicious users, when in fact it has already been stolen.
The theft happens when users enter their account credentials on the fake Facebook page. The details entered in the fields are logged and are in turn used by the people behind this operation for different purposes. Email accounts may be used to send spam to one’s contacts, for example. Leading users to the actual Facebook page after they have entered their account information is a trick to prevent users from discovering the theft.
Facebook, along with many other popular social networking sites, is being targeted for fraud, in addition to different malware infection tactics. It would be even more secure if it could integrate freely available blacklists of malicious and phishing sites (such as Google’s Safe Browsing Diagnostic, SiteAdvisor, PhishTank) and implement some form of URL shortening that would highlight the original domain in order to expose a phishing email.
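The blacklist check and domain highlighting suggested above could look like the following sketch. It is an added example, not Facebook's implementation; the function names, the `TRUSTED` and `BLOCKLIST` sets and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data. A real deployment would load a feed such as PhishTank.
TRUSTED = {"facebook.com"}
BLOCKLIST = {"evil.example"}

def real_host(url):
    """Host the browser will actually contact, lowercased and in ASCII (punycode) form."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return host

def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def classify(url):
    """Return (verdict, host); verdict is internal, block, warn-lookalike or warn."""
    parts = urlsplit(url)
    host = real_host(url)
    if parts.scheme not in ("http", "https") or not host:
        return ("block", host)
    if any(under(host, d) for d in TRUSTED):
        return ("internal", host)
    if any(under(host, d) for d in BLOCKLIST):
        return ("block", host)
    # A trusted brand name in the userinfo or in a label of a foreign host is bait.
    bait = any(d.split(".")[0] in parts.netloc.lower() for d in TRUSTED)
    return ("warn-lookalike" if bait else "warn", host)

def warning_text(url):
    """Interstitial text that shows the real destination host, not the raw URL."""
    verdict, host = classify(url)
    if verdict == "internal":
        return None
    if verdict == "block":
        return "Blocked: this link is on a phishing blocklist or is not a web link."
    note = " This is NOT facebook.com." if verdict == "warn-lookalike" else ""
    return f"You are about to leave Facebook to visit [{host}].{note}"

if __name__ == "__main__":
    for u in ["https://www.facebook.com/home.php",
              "http://www.facebook.com@evil.example/login.php",
              "http://facebook.com.account-check.example/login.php",
              "http://f\u0430cebook.com/"]:  # Cyrillic "a" homograph
        print(classify(u), warning_text(u))
```

The host is taken from the parsed URL rather than matched as a substring, so a trusted name placed before an `@` or used as a leading subdomain label does not count as the destination, and internationalized lookalikes are displayed in their `xn--` form.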
January 26th, 2009 at 9:20 pm
I cannot see the words below or the text box. I only have Windows 98!!