Scams are getting more bold on Facebook. The latest targets users with an official-looking notice that appears to come from Facebook, requesting your Facebook login credentials for a site update. Once this has been completed, the fake update is actually a Trojan, installing malware onto your computer.
The recent scams come in the form of an email message, not entirely different from previous malware tactics we’ve seen for Facebook and other social networking sites. Facebook has warned users against such scammers, but a warning isn’t always enough.
With over 300 million users, Facebook is a great cover for many scam artists. Whether they’re trying to get money from users, hack their account or spread malware, such bold attacks make it increasingly difficult for end users to discern the real from the fake. As CNet points out, mobile users are even more susceptible to this particular Trojan, as it is more difficult to tell the link provided in the scam email is a fake.
What makes such scams so easy to permeate a population is the fact that many of us revolve our online lives around our email inboxes. Facebook alerts, Twitter DMs and friend requests all come to our inbox, providing somewhat of a safety net for clicking on links. Most major email clients have curbed some of the effects of such scam emails by identifying them beforehand and relegating them to the spam folder. Yet future pushes for a more socially aware email system means that scammers will have to change their game plans as well.
Companies like Google are looking to create a more fluid and direct interaction between brands and clients, via email. This means less static email messages and increased options for recepients. Should this include some improved confirmation of a user, perhaps scam messages will be less able to penetrate such large populations.
On the other hand, a more fluid approach to the inbox could mean a bigger gateway for scam emails. If email clients are particularly moving towards a social-networking approach to the inbox, it may actually make it easier for malware to be pushed through socially involved user bases.
For the time being, it’s still up to individual users to make the ultimate discernment when it comes to clicking on links. And given the generally stagnant attitude surrounding our current email clients, the need for change on a conceptual level is far from tangible. But as the trend is moving towards a more socially integrated email experience, I think these are things we should consider as developer platforms and alerting systems provide a largely self-regulated economy that scammers can take advantage of.