Facebook adds protection against malicious links
Facebook is partnering with Websense to add technology that will scan links and warn users of potential danger, malware
By Joan Goodchild , Senior Editor
October 03, 2011 — CSO —
Facebook is partnering with security firm Websense in an effort to protect its 700 million members from malware and malicious web sites.
According to a release from the companies, Websense technology will add to Facebook's existing protections to stop users from clicking on links without knowing the trustworthiness of the destination.
The technology could be useful in helping users from falling for one of the many social engineering scams common on Facebook that seek to trick members into clicking on a malicious link by playing to their curiosity, by claiming to have celebrity gossip, or vanity, by promising them a way to see who is looking at their profile. With the Websense technology, users will now see a notification before they are taken to the link destination that warns them the site may not be trustworthy.
[More details on malicious links in 5 Facebook, Twitter scams to avoid]
"When a Facebook user clicks on a link it will be checked against the Websense database," Websense officials explained. "If Websense determines the link is malicious, the user will see a page that offers the choice to continue at their own risk, return to the previous screen, or get more information on why it was flagged as suspicious."
Earlier this year, researchers with security firm BitDefender claimed malware originating from bad links on Facebook was the top attack vector for mobile devices. Spam links on social networks like Facebook are infecting mobile devices easily because the worms and other malware are often platform-independent and are widely spread as malware that targets PCs.
[ Read our guide to social media risks]
BitDefender officials pointed to Google statistics, which reveal almost one quarter of Facebook users who fell for a recent scam on the social network did so from their mobile device. The URL that was studied was one that claimed to show users a girl's Facebook status which got her expelled from school. It generated 28,672 clicks — 24 percent of which originated from mobile platforms. Users who clicked on the link — whether on their PC or mobile device — downloaded a Facebook worm and fell victim to an adword-based money grabbing scheme.
While the new technology will be helpful in aiding members in identifying bad links, it does not address malicious applications found on the site, another issue security and privacy advocates have long criticized Facebook over. Like malicious links, many applications are actually scams that lure users into traps by promising them a download of 'the dislike button,' for example. Instead users end up with a survey scam or with a malware download on their computer.
Read more about data protection in CSOonline's Data Protection section.
Other stories by Joan Goodchild