IT security and data protection firm Sophos is warning that
Facebook's rules for creating Fan Pages are too lax, leaving
millions of users vulnerable to being tricked into joining fake
sites and exposed to bogus and potentially malicious content.
The calls come after Sophos's own senior technology consultant,
Graham
Cluley, revealed he is the subject of a fake Fan Page - created
without permission by a user pretending to be notorious British serial killer Fred
West.
(Enjoy this video? You can check out more on the SophosLabs YouTube channel
and subscribe if you like)
"Innocent people - friends, acquaintances, and anyone who might
follow my blog - are joining the Fan Page in the belief that they
are somehow following me. They have no way of telling that I didn't
create this Fan Page," said Graham Cluley. "As someone who has
received anonymous death threats from Facebook users in the
past, I don't see the funny side in someone called Fred West
creating a Facebook Page about me."
Facebook rules state that only authorised representatives of
companies, celebrities and music groups are allowed to create Fan
Pages - other users should create groups instead. Cluley has
reported the abuse to the Facebook team and asked them to remove
the Fan Page, but no action has yet been taken and the page remains
in place.
Sophos is reminding Facebook users that creating fake content
like this raises serious security and reputation issues and that
everyone using the site needs to be especially vigilant.
"Imagine if a celebrity with a huge following like Johnny Depp
or Sandra Bullock had a fake Fan Page set up using their name. An
imposter could potentially gather hundreds of thousands of Facebook
fans, before one day deciding to update them all with a malicious
link or send them a dangerous scam," explained Cluley.
"Alternatively the victim of a fake Facebook fan page could have
their character besmirched by someone choosing to post offensive or
defamatory updates in their name."
As well as urging Facebook users to be vigilant, Sophos is also
calling for the site to tighten up its processes for creating a Fan
Page to prevent this happening in future.
"We believe that simple changes made to the site will make
Facebook users safer," continued Cluley. "If Facebook simply
tightened up the process for creating a Fan Page on its site, so
that the creators needed to verify that they are genuinely
affiliated to the celebrity or company they are making the page for
it would drastically reduce the number of fake Fan Pages and make
the site safer."
Sophos advises that social networkers should not invite their
friends to join any Facebook page or application until they have
properly researched it.
"We must remember that Facebook is by far the largest social
network and so it's not surprising that it is particularly
vulnerable to misuse. We know that the security team at Facebook
works hard to counter threats which appear on their system - it's
just that policing over 400 million users can't be an easy job for
anyone," explained Cluley.
For further information about the issue, read Graham Cluley's
blog
.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.