Showing posts with label internet security. Show all posts

Tuesday, July 05, 2011

Facebook Spam and Online Security



There are many different channels open to spam; it is always annoying, often disruptive, sometimes expensive to repair and frequently avoidable.

In the past, the main source of spam was unsolicited bulk email sent indiscriminately. In today’s blog post, we are concerned with protecting ourselves on social networks, and especially Facebook.

While trying to stay safe online we hear some interesting words: spambots, malware, botnets, worms, scareware, attacks, hackers, Trojans, cybercrime, ID fraudsters, re-directs and so on.

Facebook does get spammed a lot with third party apps. The old adage that prevention is better than cure still holds true in the case of Facebook spam. The offending apps are third party and not created by Facebook.

Dangers

Sometimes hackers will simply phish for your log-in information and hijack your account, spamming your friends in the process. Other times, the app will instead download and install malware on your computer.
Be aware that hackers and identity thieves do get into Facebook accounts and create fake profiles and pages.

There has been about a 75% rise in link-spam in Facebook over the past 6 months. Facebook isn’t alone in these spam issues; Twitter has suffered a similar fate but has been more responsive in dealing with it. This warning was sent out today by ComputerworldUK: “It's the hottest invitation in technology right now, an email telling you how to "learn more about Google+." If you get one though, be careful about clicking on it. It may be spam.” LinkedIn has also come under heavy scrutiny.

Avoid online spam

The main thing to remember is: just don’t click a link if you don’t trust it.
Don’t be drawn into following a link that invites you to view a message like "See who is viewing your profile OMG I cannot believe it!!!!!!", or “see who’s blocking you!”. DON’T click a suspicious link is the simple rule. The links are fake apps and nearly always posted on your wall by someone you don’t have regular communication with. Criminals are looking for us to open up our computers to viruses and spyware, allowing them to infect our systems and increasing the chance that they may stumble upon our banking details.

There are a few simple guidelines we should all follow to keep our Facebook and computer secure. Always run system cleaning tools, as some of the spam is actually malware and is attacking your computer. Always run antivirus scans; McAfee comes highly recommended. Keep your applications updated; after all, if you’ve installed it you should update it. The same goes for removing unused programs.

Just as you don’t install software on your computer that you don’t trust, this is the same rule on the social networks.

Facebook Security

Facebook has a page dedicated to Facebook Security and you can read the Facebook Guide to Controlling how you share.

According to Facebook and pertaining to Spam: Ads cannot contain or promote 'spam' or other advertising, or marketing content, that violates applicable laws, regulations or industry standards. Spamming on Facebook will lead to your account being permanently disabled.

The Web-of-Trust (WOT) add-on tells users which websites they can trust, based on other web users' experiences. WOT is building a community of users sharing information on bogus websites. There is a free download available for all major browsers, to stop access to dodgy websites.

There are lots of helpful sites and blogs that alert users to how cybercriminals are adopting new disguises, like suggesting that the "Facebook password had changed" when it was in fact a malware attack. Computer users discovered malicious code had been sent to their email inboxes, pretending to be a notification from Facebook that their social networking account had been used to send out spam. Don’t believe the email address, as senders can disguise and redirect emails.

There are products that can intercept these attacks, like Mal/BredoZp-B from Sophos. They also post regular Facebook security news and advice on how to follow best practices. Only trust what is from someone you know, or something you’re subscribed to. This applies to games as well.

The market for safe URL shorteners has become a huge opportunity for security companies, which also offer URL shorteners such as Saf.li and Mcaf.ee. Their URL shorteners offer enhanced security, which is a step in the right direction for bringing down spam and supporting transparency of the destination domain.

Among the many specialists who write helpful blogs about how to remain secure online, there are of course many groups on Facebook offering helpful advice. Some more useful than others!



Make sure you are in control of your page.
Tips:

  1. Avoid Infected Apps & Links On Facebook. DO NOT INSTALL APPLICATIONS WHICH YOU ARE NOT SURE ABOUT.

  2. Check your privacy settings related to applications: from the "Account" drop-down menu located at the top of any page on Facebook, click the "Edit your settings" link under the Applications and Websites section towards the bottom of the page, then click on the application you'd like to view. If you don't see the application listed, you can find it by clicking the Edit Settings button towards the top right-hand side of the page.

  3. As a Page admin, you can target updates to specific people in your audience and choose to send an update, such as a status or link, to everyone who likes your Page, or to target your update to people in a specific location, or in a different language. When you click to update a status, question, photo, link, or video, you will see an option called "Everyone, Friends of friends, Friends only, Customise". Click on the small drop-down and select "Customize." Only people who like your Page in the target group selected will receive the update from the Page.

  4. Proactively moderate content posted on your Page by adding comma-separated keywords to the "Moderation Blacklist" in the "Manage Permissions" section, available after selecting "Edit Page".

  5. When people include blacklisted keywords in a post and/or a comment on your Page, the content will be automatically marked as spam. Wall posts will be moved to the Page's Spam filter, which is hidden from public view. Comments will appear in grey to admins, but will not appear to the public.


  6. Use the automatic content filtering on Page walls that will ensure that posts soliciting spam are removed from public view, as well as ensure that posts containing good content remain more visible. Go to the conversation. Open the Actions menu. Select "Report Spam."

  7. You can easily remove people connected to your Page if you don’t want to read their posts: Click "See all" under the Likes section, Select the "X" next to a user's name, Click "Remove."

  8. If your friends are sending you messages through applications you haven’t added, you will need to either contact your friends to resolve the issue or block the application from its Profile Page.

  9. To stop an application from sending you messages, you will need to remove the application from the application's Profile Page.

  10. You can report an offending app issue directly to the developer by going to the application’s Profile Page and clicking "Contact Developer" at the bottom of the page, or by clicking "Contact" at the bottom of any canvas page within the application.

  11. Report the application for abuse by going to the application’s About page and clicking "Report Application" at the bottom of the page, or by clicking "Report" at the bottom of any canvas page within the application.

  12. Be aware that Facebook messages are indexed by Google, which is great for brands but worth mentioning that these messages can be searched for on Google even when they are marked viewable by friends only.

  13. Read about Blocking Applications in the Help Centre.

  14. Make your profile only viewable by friends. That works well for personal profiles but less easy for Brands trying to be inclusive.

  15. Use an email account that isn't attached to your online banking account, your PayPal account, your eBay account, etc.

  16. This one is quite funny! Don't use your pet's name as your password if you're going to post your pet's picture and name on your profile!

  17. For your password, be sure to use capital letters as well as lower case letters, numbers, and symbols. Also, break up words you use.

  18. Sometimes a simple virus can be sorted by just changing your login and password.


Future

Facebook is constantly making security improvements, listening to feedback from their 500 million active users, and there are discussions about future improvements, like privacy by default, vetted app developers and HTTPS for everything. Until some of these security measures are put in place, it is going to be harder for businesses using social media monitoring tools, as spam skews the metrics.

On a positive note; University of California PhD students and security experts from StopTheHacker.com launched a free BETA app service this week called MyPageKeeper. The App aims to keep spam and hackers off your Facebook Wall and keeps Facebook safe from malware and spam.



We will be interested to find out how it detects a piece of content as spam, but it's most likely that MyPageKeeper is simply database driven. Regardless, if it gives us added security protection by allowing a free safe app, which only takes 2 minutes to download, then it is worth it.


Author: Fiona Anderson

Monday, July 20, 2009

Beating the Cyber Bullies

Recently BBC News interviewed Cisco fellow Patrick Peterson and ran the findings in a story titled ‘Cyber Crook gets business savvy’. Patrick Peterson said cyber criminals were increasingly acting like virtual MBA (Master of Business Administration) students.


He also pointed out that big news stories are a gold mine for cyber crooks and used Michael Jackson as an example, stating that when everyone was searching for stories of his death, the cyber crooks were busy creating news copy or video memorabilia to trick users onto infected sites.

He noted a huge increase in spam email messages recently and has concerns of spam coming in via mobile phones (‘smishing attacks’), suggesting that phone users will trust a message from their bank via SMS (text message) more than receiving an email with links to verify account ownership.

As we move to a more open, simple communication structure on the web, where trust is encouraged in new social network communities, it is important that we all follow some key tips to help beat the cyber crooks and stay one step ahead of the fraudsters.
Please find our tips for internet security below:

Ten tips to beat the cyber crooks in no particular order:

1. Make sure you use hard-to-guess passwords, not ones with obvious personal links, such as your birthday or the name of your street. Good passwords include a combination of upper and lower-case letters, numbers and other characters.

2. Change your passwords often and use different passwords for different accounts

3. Make sure that you use an up to date browser and update security patches in your operating system. For Windows users there is a quick and easy way to update your system, click on 'Windows Update' from the programme directory or point to this link, which will take you straight into updates currently available for you to download: http://windowsupdate.microsoft.com/

4. Make sure you turn your computer's firewall on and, if you are using Windows, set up your computer to automatically download new security patches from Microsoft.

5. Install and update anti virus software regularly. Use a programme which will scan all files on your system once a week and delete the infected ones.

6. Never download email attachments from people you do not know or trust. Avoid attachments that you were not expecting, even if they are from a known source.

7. When receiving an email, look at the destination URL before you click it. Here is an example: if you hover over this link, Rocktime Twitter, and look in the status bar at the bottom of the browser, you will see that the link is actually going to www.rocktime.co.uk and not our Rocktime social Twitter account.

8. Never click on links sent via SMS text messages if you are not certain that you have received a valid text from a valid company.

9. Back up your data regularly

10. Log off when you’re done for the day (Remember you are most vulnerable when you are connected to the Internet, if there is not a good reason to remain online then disconnect).

Final note from our Technical Manager at Rocktime, Andy Clarke

There are many factors we (Rocktime) take into account when creating web sites and web applications. Some of these include making sure that the site is protected from SQL injection or cross-site scripting attacks. These are mechanisms that malicious users could use to either manipulate data stored in a database or to trick users into submitting data to a different website than the one they think they are visiting.

One of the ways we protect our sites from these types of attack is to make sure that all user-entered data is properly filtered to remove any potentially harmful code before it is stored or shown to a user.

Rocktime are not an Internet security company and if you do need additional assistance in securing your corporate network we would advise you contact Blue Chip Data Systems on +44(0)845 034 7222