New Facebook Message Service Provides Fertile Ground for Spammers
Facebook's new messaging service is touted in part for its ability to reduce spam, but security experts believe it won't do much to cut the number of malicious messages its users receive.
Announced today (Nov. 15), the new service works like a communications aggregator, collecting all the messages a person receives from different media, such as text messages, e-mails and instant messages, and outputting them to the Facebook user in one convenient format.
According to Facebook CEO Mark Zuckerberg, this gives Facebook's more than 500 million users a more immediate and convenient person-to-person messaging experience.
Also included in the service is a Facebook e-mail address, which allows users to link their other e-mail addresses to a new "@facebook.com" one. The service, which users can opt out of if they choose, had been dubbed the Gmail killer prior to its unveiling.
Zuckerberg cleared the air regarding that term, saying, "This is not an 'email killer,' it's a messaging system that has email as a part of it."
But before the Nov. 15 press conference, Craig Newmark, founder of Craigslist, put his two cents into the pre-announcement hype. In a Nov. 14 Huffington Post article, he wrote that a new Facebook e-mail service would greatly reduce spam, because those propagating the spam would need to first register for Facebook and then trick users into adding the spammer to their friend list.
The process would be more expensive and complicated than spammers are used to, Newmark said. He argued that the Facebook e-mail could "provide the most personal, and spam-free email available."
Though Zuckerberg announced that the "social inbox" aspect of the messaging service will allow users to create more stringent defenses against spam by choosing to accept messages only from people they specifically designate, not everyone is as confident Facebook's messaging service will keep users secure.
Graham Cluley, Senior Technology Consultant at the security firm Sophos, believes the level of security that's assumed when opening a message from a Facebook friend is precisely why spammers will continue to thrive.
Cluley cited Sophos' mid-year 2010 Security Threat Report, which showed significantly increased levels of spam, phishing and malware attacks on social networking sites between April and December of 2009.
"Cybercriminals are compromising the accounts of Facebook users, and using their accounts to spread spam messages," he wrote in a Nov. 15 blog. "It could be argued that using this method of spreading spam is more effective than traditional email spam, because users are more likely to open and trust a message which appears to have been sent by someone they know -- one of their Facebook buddies."
Whereas traditional spam is often easy to spot, because the sender's address is unfamiliar or the message contains blatant grammatical errors or requests for money, spam messages sent through Facebook automatically have an air of legitimacy, as they are associated with a familiar person.
As a result, Facebook's messaging service could actually be a fertile ground for spammers rather than the killing field some had hoped for.
Cluley wrote, "The new features do increase the attack surface of the Facebook platform, and make the accounts of users all the more alluring for cybercriminals to break into. Facebook accounts will now be linked with many more people in your social circle -- opening up new opportunities for identity fraudsters to launch attacks."