Facebook Boosts Security After Dual Phishing Attacks
Facebook has brought in some soldiers to fight the war against malware and phishing scams on the social-networking site. After two different malware attacks this week, Facebook announced it would begin using San Francisco-based MarkMonitor's antifraud services as an additional layer of protection against attacks.
"Our deep commitment to the safety of our users requires a strong proactive security strategy, best-of-breed technology, and active engagement with industry leaders," said Ryan McGeehan, threat analyst at Facebook. "MarkMonitor demonstrated that it understood the complexity of the phishing issue we were facing, so it was a natural next step for us to bolster our own security systems with their anti-malware solution."
This week some of Facebook's 200 million users were victims of phishing attacks. One attack took control of users' accounts and used them to send their friends messages telling them to check out a specific Web site, fbstar.com. The other incident pointed victims to fbaction.net.
Andy Cutler, a partner in Cutler and Company, was not aware his account had been under the control of a hacker until he received several e-mail and text messages alerting him that his account had been phished.
"The first thing I did for survival was to go into my Facebook account and change my password," Cutler said. "I just figured if someone hacked my account, I was not going to tear down the page but to change my password, and I did post a notice on Facebook saying I had been phished and apologized."
Cutler's hacker did some damage, sending a total of 19 different messages from his account, each addressed to about 20 people. For Cutler it could have been a communications disaster, as he has 495 friends in his Facebook account.
While the attack didn't cause any major problems for Cutler and his friends, it did hurt Facebook's reputation.
"I tell you what it did do for me -- it put Facebook in a different light for me than other social-network tools," Cutler said. "I'm pretty active in Twitter and Facebook has been a way to keep up with people in my networks, but I have to say I was disappointed in Facebook that this can get through their security system."
Aarin Morrow of Denver thought she was pretty tech-savvy until she became a victim of the fbaction.net attack.
"What happened is a friend of mine was a victim the day before with fbaction.net and I'm very computer tech-savvy and still clicked on it and stupidly logged in," Morrow said. "I said this is weird and e-mailed my friend and asked about the link, and he said he didn't send it."
Morrow became a victim again the next day with the fbstar.com attack. A total of 45 of Morrow's Facebook friends received the message "Look at This," pointing the friends to the fbstar.com Web site.
"What is unfortunate about this is that MySpace got spammed with stuff like this and Facebook never had those problems, but no one is exempt from having this issue happening," she said. "In the future I will be more cautious."
Obligation To Users
"I think FB has an obligation to its users to say please don't fall for this scam," Cutler said. "By allowing the system to be hacked, it created a catch-22 for them. People now have negative feelings toward the company and it impacts the way people view them and their communication because they don't know if they can trust their communication."
This isn't the first time Facebook has had to deal with malware issues. In February, users were dealing with another scam in which hackers took control of users' accounts and sent their friends messages claiming the account holder had been robbed and asking for financial help. In some cases, Facebook had to disable the accounts and users had to create new accounts.
"The meteoric success of Facebook makes it a natural target for malware attacks that seek to capitalize on their trusted and recognizable brand," said Frederick Felman, chief marketing officer of MarkMonitor.
"The MarkMonitor technology and 24/7 security operations center are key to helping Facebook fight phishing and malware," said Te Smith, a spokesperson for MarkMonitor.
When MarkMonitor verifies a malicious site, it updates the phish-site block lists used by the popular browsers, security vendors, and e-mail providers in its network. Then it takes down the malicious site to get it off the Internet.
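The screening step that such block lists feed, as an added example that is not MarkMonitor's or Facebook's code: a Python check that flags an outbound message when it links to a domain on a phish-site block list. The block list (seeded with the two domains the article names), the URL pattern and the sample messages are all constructed here; a subdomain of a blocked domain matches, but a look-alike host that merely starts with a blocked name does not.

```python
import re
from urllib.parse import urlsplit

# Constructed block list, seeded with the two phishing domains the article names.
PHISH_BLOCK_LIST = {"fbstar.com", "fbaction.net"}

# Loose matcher for links in message text: optional scheme, dotted host, optional path.
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/[^\s]*)?", re.I)


def host_of(url):
    """Return the lowercased host of a link, adding a scheme if the link was bare."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def blocked_suffix(host, block_list=PHISH_BLOCK_LIST):
    """Return the block-list entry that host equals or is a subdomain of, else None.

    Only whole trailing labels count, so 'www.fbstar.com' matches 'fbstar.com'
    while 'fbstar.com.example.org' does not.
    """
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in block_list:
            return candidate
    return None


def flag_message(text, block_list=PHISH_BLOCK_LIST):
    """Return the blocked domains linked from one message (empty list if clean)."""
    hits = []
    for match in URL_RE.finditer(text):
        entry = blocked_suffix(host_of(match.group(0)), block_list)
        if entry and entry not in hits:
            hits.append(entry)
    return hits


# Constructed sample of outbound messages, modelled on the "Look at This" lure.
SAMPLE_MESSAGES = [
    "Look at This http://fbstar.com/",
    "check this out www.fbaction.net/login",
    "Our meetup is at https://example.org/events",
    "funny http://fbstar.com.example.org/page",
]


def screen(messages, block_list=PHISH_BLOCK_LIST):
    """Pair each message with the blocked domains it links to."""
    return [(msg, flag_message(msg, block_list)) for msg in messages]
```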