Tuesday, July 05, 2011

Facebook Spam and Online Security

There are many different channels open to spam; it is always annoying, often disruptive, sometimes expensive to repair and frequently avoidable.

In the past, most spam took the form of unsolicited bulk email messages sent indiscriminately. In today’s blog post, we are concerned with protecting ourselves on social networks, especially Facebook.

There are some interesting words we hear whilst trying to stay safe online: spambots, malware, botnets, worms, scareware, attacks, hackers, Trojans, cybercrime, ID fraudsters, redirects and so on.

Facebook does get spammed a lot by third-party apps. The old adage that prevention is better than cure still holds true in the case of Facebook spam. The offending apps are created by third parties, not by Facebook.


Sometimes hackers will simply phish for your log-in information and hijack your account, spamming your friends in the process. Other times, the app will instead download and install malware on your computer.
Be aware that hackers and identity thieves do get into Facebook accounts and create fake profiles and pages.

There has been about a 75% rise in link-spam on Facebook over the past 6 months. Facebook isn’t alone in these spam issues; Twitter has suffered a similar fate but has been more responsive in dealing with it. This warning was sent out today by ComputerworldUK: “It's the hottest invitation in technology right now, an email telling you how to "learn more about Google+." If you get one though, be careful about clicking on it. It may be spam.” LinkedIn has also come under heavy scrutiny.

Avoid online spam

The main thing to remember is: just don’t click a link if you don’t trust it.
Don’t be drawn into following a link that invites you to view a message like "See who is viewing your profile OMG I cannot believe it!!!!!!", or “see who’s blocking you!”. The simple rule is: DON’T click a suspicious link. These links lead to fake apps and are nearly always posted on your wall by someone you don’t communicate with regularly. Criminals are looking for us to open up our computers to viruses and spyware, allowing them to infect our systems and increasing the chance that they may stumble upon our banking details.

There are a few simple guidelines we should all follow to keep our Facebook accounts and computers secure. Always run system cleaning tools, as some of the spam is actually malware and is attacking your computer. Always run antivirus scans; McAfee comes highly recommended. Keep your applications updated; after all, if you’ve installed it you should update it. The same goes for removing unused programs.

Just as you don’t install software on your computer that you don’t trust, the same rule applies on the social networks.

Facebook Security

Facebook has a page dedicated to Facebook Security and you can read the Facebook Guide to Controlling how you share.

According to Facebook and pertaining to Spam: Ads cannot contain or promote 'spam' or other advertising, or marketing content, that violates applicable laws, regulations or industry standards. Spamming on Facebook will lead to your account being permanently disabled.

The Web-of-Trust (WOT) add-on tells users which websites they can trust, based on other web users' experiences. WOT is building a community of users sharing information on bogus websites. There is a free download available for all major browsers, to stop access to dodgy websites.

There are lots of helpful sites and blogs that alert users to how cybercriminals are adopting new disguises, like suggesting that the "Facebook password had changed" when it was in fact a malware attack. Computer users discovered that malicious code had been sent to their email inboxes, pretending to be a notification from Facebook that their social networking account had been used to send out spam. Don’t trust the sender's email address, as senders can disguise and redirect emails.
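One way to check the sender of such a "Facebook notification" instead of trusting the address shown, as an added example that is not part of the original post. The trusted domain list, the sample messages and every `.example` host are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption for this example: domains accepted as genuine Facebook senders.
TRUSTED = {"facebook.com", "facebookmail.com"}

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def trusted(domain):
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED)

def check_sender(raw):
    """Return the reasons a 'Facebook' notification should not be trusted."""
    msg = message_from_string(raw)
    display = parseaddr(msg.get("From", ""))[0].lower()
    findings = []
    if not trusted(domain_of(msg.get("From"))):
        # The name shown to the reader says Facebook, the address does not.
        return ["display-name-spoof"] if "facebook" in display else findings
    # From: is free text chosen by the sender, so compare it with the
    # envelope sender the receiving server recorded in Return-Path.
    if not trusted(domain_of(msg.get("Return-Path"))):
        findings.append("envelope-mismatch")
    # Authentication-Results is written by the receiving mail server; only a
    # DKIM pass for a trusted signing domain backs up the From: address.
    auth = msg.get("Authentication-Results", "").lower()
    m = re.search(r"dkim=pass\b[^;]*header\.d=([\w.-]+)", auth)
    if not (m and trusted(m.group(1))):
        findings.append("no-aligned-dkim")
    return findings

def sample(return_path, auth, from_hdr):
    # Builds a constructed message; these are not real captured emails.
    return (f"Return-Path: <{return_path}>\n"
            f"Authentication-Results: mx.recipient.example; {auth}\n"
            f"From: {from_hdr}\n"
            "Subject: Your account has been used to send spam\n\nSee details.\n")

FORGED = sample("bounce@mailer.example", "spf=fail smtp.mailfrom=mailer.example",
                '"Facebook" <notification@facebookmail.com>')
LOOKALIKE = sample("info@account-alerts.example", "spf=pass",
                   '"Facebook Security" <info@account-alerts.example>')
GENUINE = sample("bounce@facebookmail.com", "dkim=pass header.d=facebookmail.com",
                 '"Facebook" <notification@facebookmail.com>')
```

`check_sender(FORGED)` flags a message whose From: address looks right but whose envelope and signature do not back it up, which is the case the paragraph above warns about.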

There are products that can intercept these attacks like Mal/BredoZp-B from SOPHOS. They also post regular Facebook security news and advice on how to follow best practices. Only trust what is from someone you know, or something you’re subscribed to. This applies to games as well.

The market for safe URL shorteners has become a huge opportunity for security companies, which now also offer URL shortening services such as Saf.li and Mcaf.ee. Their URL shorteners offer enhanced security, which is a step in the right direction for bringing down spam and supporting transparency of the destination domain.

Among the many specialists who write helpful blogs about how to remain secure online, there are of course many groups on Facebook offering helpful advice. Some more useful than others!

Make sure you are in control of your page.


  2. Check your privacy settings related to applications: from the "Account" drop-down menu located at the top of any page on Facebook, click the "Edit your settings" link under the Applications and Websites section towards the bottom of the page, then click on the application you'd like to view. If you don't see the application listed, you can find it by clicking the Edit Settings button towards the top right-hand side of the page.

  3. As a Page admin, you can target updates to specific people in your audience and choose to send an update, such as a status or link, to everyone who likes your Page, or to target your update to people in a specific location, or in a different language. When you click to update a status, question, photo, link, or video, you will see an option called "Everyone, Friends of friends, Friends only, Customise". Click on the small drop-down and select "Customize." Only people who like your Page in the target group selected will receive the update from the Page.

  4. Proactively moderate content posted on your Page by adding comma-separated keywords to the "Moderation Blacklist" in the "Manage Permissions" section, available after selecting "Edit Page".

  5. When people include blacklisted keywords in a post and/or a comment on your Page, the content will be automatically marked as spam. Wall posts will be moved to the Page's Spam filter, which is hidden from public view. Comments will appear in grey to admins, but will not appear to the public.

  6. Use the automatic content filtering on Page walls that will ensure that posts soliciting spam are removed from public view, as well as ensure that posts containing good content remain more visible. Go to the conversation. Open the Actions menu. Select "Report Spam."

  7. You can easily remove people connected to your Page if you don’t want to read their posts: Click "See all" under the Likes section, Select the "X" next to a user's name, Click "Remove."

  8. If your friends are sending you messages through applications you haven’t added, you will need to either contact your friends to resolve the issue or block the application from its Profile Page.

  9. To stop an application from sending you messages, you will need to remove the application from the application's Profile Page.

  10. You can report an offending app issue directly to the developer by going to the application’s Profile Page and clicking "Contact Developer" at the bottom of the page, or by clicking "Contact" at the bottom of any canvas page within the application.

  11. Report the application for abuse by going to the application’s About page and clicking "Report Application" at the bottom of the page, or by clicking "Report" at the bottom of any canvas page within the application.

  12. Be aware that Facebook messages are indexed by Google, which is great for brands, but it is worth mentioning that these messages can be searched for on Google even when they are marked viewable by friends only.

  13. Read about Blocking Applications in the Help Centre.

  14. Make your profile only viewable by friends. That works well for personal profiles but less easy for Brands trying to be inclusive.

  15. Use an email account that isn't attached to your online banking account, your PayPal account, your eBay account, etc.

  16. This one is quite funny! Don't use your pet's name as your password if you're going to post your pet's picture and name on your profile!

  17. For your password, be sure to use capital letters as well as lower case letters, numbers, and symbols. Also, break up words you use.

  18. Sometimes a simple virus can be sorted by just changing your login and password.


Facebook is constantly making security improvements, listening to feedback from their 500 million active users, and there are discussions about future improvements, like privacy by default, vetted app developers and HTTPS for everything. Until some of these security measures are put in place, things are going to be harder for businesses using social media monitoring tools, as spam skews the metrics.

On a positive note, University of California PhD students and security experts from StopTheHacker.com launched a free BETA app service this week called MyPageKeeper. The app aims to keep spam and hackers off your Facebook Wall and keep Facebook safe from malware and spam.

We will be interested to find out how it detects a piece of content as spam, but it's most likely that MyPageKeeper is simply database driven. Regardless, if it gives us added security protection by allowing a free safe app, which only takes 2 minutes to download, then it is worth it.

Author: Fiona Anderson

