How To Stop Facebook Hackers, Scammers And Thieves

Sophos recommends that you get more selective about your friend list and who you show your full profile to, among other things.

We’ve noticed fewer security snafus on Facebook this past quarter, but that’s probably because we happen to be following most recommendations about security.

Sophos recommends in its half-year report on security issues that you:

  • Read Facebook’s official guide to privacy;
  • Monitor and adjust your Facebook privacy settings;
  • Get more selective about sending and accepting friend requests;
  • Show “limited friends” a cut-down version of your profile; and
  • Disable all options in the security, privacy and e-mail notifications section, then re-enable them one by one, upon careful review.

Sophos found that the most common types of Facebook scams have been cross-site scripting, click-jacking, survey scams, and identity theft.

Cross-site scripting, or self-XSS, is disguised in Facebook messages such as “Why are you tagged in this video?” and the still-fictional Facebook Dislike button. Sophos said these messages direct users to websites that either attempt to bait them into cutting and pasting malicious JavaScript code into their browsers’ address bar, or run hidden, or obfuscated, JavaScript that installs malware without users knowing.

Click-jacking, also known as like-jacking and UI redressing, tricks users into revealing confidential information or seizes control of their PCs after inducing them to click on websites with messages such as, “Baby Born Amazing Effects,” and “The World Funniest Condom Commercial — LOL.” The embedded codes or scripts spread the scam virally across the social network, according to Sophos.

Another form of click-jacking mentioned by Sophos is survey scams that trick users into installing an application from a spammed link. News topics, such as the Osama bin Laden video scam, are used to lure users to fake YouTube sites to complete surveys, and the scammers earn commission for each person who does so. In addition, taking the surveys spreads the scam virally to users’ Facebook friends.

Respondents to a recent poll on social networks by Sophos didn’t seem to be too confident when it came to Facebook, as 81 percent felt that it was the biggest risk among the genre, up from 60 percent one year ago. Of course, Facebook has more members, so it was likely to be the most named. Twitter and Myspace were each named by 8 percent of respondents, while just 3 percent expressed concerns about LinkedIn.

Readers: What steps have you taken to ensure that your Facebook experience is secure?