
Security firm warns users over Facebook Messages

Security experts have issued a warning to Facebook users over the increased security risk posed by the social network's new Messages system, launched on Monday.

Facebook CEO Mark Zuckerberg unveiled the new service, Messages, at a press conference in San Francisco. The new messaging system brings together email, SMS and instant messaging into a single "social inbox".

But in a press release, antivirus vendor Sophos advised users to approach the new system with caution:

"Users will need to take greater care of the security of their Facebook account than ever before. Keeping security up-to-date on computers, policing which applications link with their Facebook profile, and choosing sensible, unique, hard-to-crack passwords will be essential," the company said.

"Before signing up, users need to realise that these new features increase the attack surface on the Facebook platform, and make personal accounts all the more alluring for cybercriminals to break into," explained Graham Cluley, senior technology consultant at Sophos.

"Facebook accounts will now be linked with many more people in the users' social circles - opening up new opportunities for identity fraudsters to launch attacks," he added.

Cluley also hinted at the dangers of users entrusting all of their personal data to a single company.

"Users also need to be aware that Facebook will be storing a complete archive of all of their communications with one person - this raises concerns as to how this data could be misused if it fell into the wrong hands," he said.

"With this in mind, it will be critical for Facebook to implement more effective filtering mechanisms to prevent fraudsters from manipulating Facebook users into falling victim to new spams, scams and phishing attacks."

The warning comes on the same day Sophos revealed it has notified Facebook about an apparent security breach in the email system that enables users to post status updates remotely.

According to a blog post by Cluley, the system appears to have been compromised in order to send a number of Facebook users spam messages reading: "Apple is giving away 1000 iPhones I just got mines =)".

Clicking on a link in the message takes users to a dubious-sounding 'get rich quick' website, preying on cash-strapped workers with an offer to "make thousands of dollars a month in as little as 10 hours per week".

According to Cluley, a similar exploit had been used last month

Sophos has released a comprehensive messaging security FAQ for Facebook users, available here.