Will Facebook Ever Do Anything Against Scammers, Spammers and Click-Jackers?

In the past two or three months, I have witnessed an exponential increase in the number of scam posts, phony videos, fake offers, etc. hitting the walls of my friends and my news feed.  In my case, having been online for 20 or more years now, I’ve become somewhat immune to all of the spam and scams out there.  For my part, I have systems in place to virtually eliminate spam and many scams (it’s called Google Apps/Gmail), never click on anything unfamiliar, never visit untrusted sites, and am naturally wary of anything I encounter.

For the less computer savvy friends of mine, I worry.  They don’t have my experience, or my background in computing, networking, online life, and computer security.  I am constantly badgering everyone with warnings, informational posts, and other tidbits to help keep their Facebook experience safer.  What worries me now is that the deluge of scams, spams and click-jacking is increasing, often faster than I can post a warning about them, or other sites can issue alerts.

One thing bothering me, though, is how lax Facebook has been in allowing application “developers” (using the term loosely) access to Facebook’s APIs.  (An API is, in the simplest of terms, an easy way for applications, and even websites, to interact with each other.)  They have no approval process for applications.  In setting up or modifying numerous forums and blog installations, I’ve encountered this personally.  You basically just register the application to your account, and you’re good to go.  No approval process by Facebook.

And you wonder why the hackers are all taking advantage of this?  Facebook is wearing the virtual equivalent of a “kick me” sign on its back, and the hackers have their biker boots on.  Easy target.  Even if an application is banned, the hackers can easily change a few words, attach it to a new account, and life goes on.

These hackers use something called “click-jacking,” which gets you to click on a link to something enticing (a free offer, a “blue” video or dirty picture, an outrageous “You will never believe this!” article).  This takes you off of Facebook’s website onto another, where the hacker can then automatically make your account “Like” the hacker’s scam/spam page on Facebook (thereby spreading more of the same link) and, in many cases, infect your computer with malware or do anything else that may be malicious.

Facebook also gives us, their members, absolutely no way to completely and totally block all applications or posts of this nature from our accounts.  If all I want to receive from my friends are their status updates, then that is all I should be able to receive.  As users, we have no way to control what we receive.  We can filter, but we can’t completely block.  With Facebook’s APIs open, and applications having no formal approval process (which would include checks for malicious activity and fraud), I feel we are probably seeing only the tip of the iceberg here.  Facebook has claimed in a couple of recent articles that they are dealing with the problem, but I’ve yet to see any specifics, or any encouraging news about tightening down their policies.

And that does not sit well with me.

For now, follow a site like Sophos for security and privacy concerns on Facebook and other social networking sites, or the Facebook-specific watchdog site called Facecrooks, whose helpful folks issue multiple posts per day to alert users to the most recent dangers awaiting Facebook members.

Stay safe out there, friends!
