Facebook has announced its new email service which brings
together Facebook messages, instant messaging chat and SMS messages
in one place. Following this news, Sophos has produced an
FAQ guide to help users understand the implications for
security before they sign up:

"Before signing up, users need to realise that these new
features increase the attack surface on the Facebook platform, and
make personal accounts all the more alluring for cybercriminals to
break into," said Graham
Cluley, senior technology consultant at Sophos. "Facebook
accounts will now be linked with many more people in the users'
social circles - opening up new opportunities for identity
fraudsters to launch attacks."

Sophos notes that cybercriminals are compromising the accounts
of Facebook users, and using their accounts to spread spam
messages. Spam sent via social networks can be more effective than
traditional email spam, as users are more likely to open and trust
a message which appears to have been sent by someone they know -
one of their Facebook friends.

"Users also need to be aware that Facebook will be storing a
complete archive of all of their communications with one person -
this raises concerns as to how this data could be misused if it
fell into the wrong hands," continued Cluley. "With this in mind,
it will be critical for Facebook to implement more effective
filtering mechanisms to prevent fraudsters from manipulating
Facebook users into falling victim to new spams, scams and phishing

Sophos's verdict on the new system? Users will need to take
greater care of the security of their Facebook account than ever
before. Keeping security up-to-date on computers, policing which
applications link with their Facebook profile, and choosing
sensible, unique, hard-to-crack passwords will be essential.

More information can be found on Sophos's
Naked Security blog.