In terms of spam, scams and more sinister and malicious threats, Facebook represents one of the top threats in the world of internet security today. The types of scams that circulate on Facebook have often been around for many years, however, and many have their roots in similar or identical hoaxes that used to be more prevalent in email.
With this in mind, I spoke to Australia-based Brett Christensen, a man who has been running the Hoax-Slayer site alone since 2003. For those of you who have never heard of the site, Hoax-Slayer provides a continuously updated and comprehensive resource for internet threats and should be your first port of call should you ever be unsure about that link in an email, that Facebook photo doing the rounds or anything remotely suspicious-looking.
Brett had not been using computers, or the internet, for long in 2002 when he received an email warning about a virus, which he immediately forwarded to his friends. One of these replied that the email was a hoax and he became interested in the subject and began researching every odd email that he received.
It wasn’t long, of course, before his research led to people contacting him to ask if certain mails were dodgy, and he subsequently found that he enjoyed helping other internet users to identify scams and hoaxes. In 2003, he created a Yahoo group which dealt with the issue and the concept of Hoax-Slayer was born.
Brett believes (and I agree) “that social media has had a profound impact on the spread of scams and hoaxes. Many of the same hoaxes that previously travelled via email have now found new life on social media sites,” he says.
“Social media is also a powerful vector for distributing malware, rogue applications and survey scams,” he added.
Whilst many people now recognise email hoaxes for what they are (although many of them still appear to be in circulation), social media has provided scammers with an ideal platform to spread these around the world on a much faster and larger scale than email ever could.
Additionally, social media (especially Facebook) encourages users to share, click on links and install apps without really engaging their brain, because a Facebook scam “gives the illusion of being a part of the social networking experience”.
“For example, scammers are using hijacked Facebook accounts to send out phishing messages that purport to be from Facebook Admin. Because these messages appear to use Facebook’s own communications system, many people are tricked into handing over their account details and other personal information,” Brett says.
In order to protect themselves, social media users have to wise up to the issue in much the same way as they have with email scams – although, of course, many people do still get caught out by phishing attacks, which can look very genuine.
This means that users really should take the time to educate themselves on the common types of threats that are around; as Brett points out, “It is not hard for even non-technical users to learn to identify common threats and there is plenty of clear and easily accessible information available that can help them achieve this.”
He also says that the threat of fraud is more prevalent now than ever and it’s vital that users take the time to learn and think before they click. Financial fraud threats such as banking trojans are rife and tend to be a lot more sophisticated now; identity theft remains a huge threat, and users have to realise that protecting themselves means that they are also helping to protect the entire internet.
Hoax-Slayer is a brilliant resource for helping users to do this; the sheer amount of information on the site is astounding when you consider that it is updated and maintained by just one man, with the support of his family.
The IT security industry has been losing the fight against malware and fraud for many years now and Facebook is not helping the cause (or more specifically, its users). Malicious software, trojans, viruses, scams, spam, whatever you like to call it, presents a problem not just to the common man, who may find his bank account emptied or identity stolen, but also to the internet itself.
As much as the FBI and giant tech firms have joined forces with the security industry to fight the problem, it seems to be a losing battle if users aren’t educated. Huge botnets, for example, not only have the power to threaten websites with a DDoS attack; they also have the potential to take out national infrastructures if they are allowed to grow large enough.
Whilst global governments seem to be concentrating their efforts on piracy right now, as well as cyber-espionage, perhaps it’s time to concentrate on better educating users on how and why they should protect themselves and their computers.
Many thanks to Brett for agreeing to the interview for this, and keep up the good work!