If you're a dedicated follower of Facebook, last week was a bit of a roller coaster. On Monday, Emil Protalinski at ZDNet reminded you that the stories appearing on Facebook about Lady Gaga being found dead in a hotel room are a “likejacking” scam. Then on Tuesday it was reported that Facebook has "introduced a number of new security features," as summarized by Chloe Albanesius in PC World. However, these changes seem to be less about making it harder to run such scams and more about making the "who-sees-what" privacy settings more accessible and granular. You probably feel the latter is a good thing but it hardly amounts to the headline you wanted to see: "Facebook scammers stopped cold."
Then on Thursday you learned that much more of your life will be shareable on Facebook, including what you do with Facebook apps and what you were doing before Facebook itself existed (reported here in the LA Times and quickly deplored here on Slate).
All of which was bad timing from where I was standing last week, deep in research about the lengths to which organized crime is going to abuse every piece of information it can get its hands on in every last corner of cyberspace. From spear phishing their way into military and defense contractor systems (like Mitsubishi Heavy Industries) to selling fake anti-virus products, the bad guys are on a tear right now, undoubtedly encouraged by the low probability of detection, identification, prosecution, or serious punishment.
No wonder that the latest ESET/Harris Interactive poll of more than 2,200 online adults in the U.S. found that 91 percent of them said they feel vulnerable to some type of cyberattack (see report in Dark Reading). Someone in the office joked that the other 9 percent were Mac users but, as Dan Clark reported here on Friday, not even Mac users are immune to attack given that a PDF Trojan appeared last week targeting OS X.
So what do we conclude from a whipsaw week like that? On the one hand you have Facebook adding security, while on the other it is increasing the potential for people to expose even more of their personal data to potential abusers of that data, abusers who are increasingly well-funded and inventive. Ask me how likely I am to use Facebook in the days ahead and I'd say my answer lies in a magazine article, written by Benjamin Wallace and appearing in the October issue of WIRED magazine (should be available here in a few days).
Wallace tells the story of Sam Jain and Daniel Sundin, a couple of guys who made hundreds of millions of dollars selling fake anti-virus software. They are now wanted by the authorities but their whereabouts are unknown and I'm betting they're living quite comfortably, thanks to their very considerable ill-gotten gains. Now think about this: For every Jain or Sundin there are hundreds of scumbags as yet unidentified, unindicted, and unlikely to stop trying to scam people through email, on web sites, across social networks, and in every other corner of cyberspace.
In the days to come you will hear more from me and my fellow ESET bloggers about the security implications of the new Facebook features as they are rolled out and their implications become clearer, but let's just say that right now I'm not feeling very sociable, unless it's in person, face-to-face with people I know and trust.
Author Stephen Cobb, We Live Security