Facebook has brought in some soldiers to fight the war against malware and phishing scams on the social-networking site. After two different malware attacks this week, Facebook announced it would begin using San Francisco-based MarkMonitor's antifraud services as an additional layer of protection against attacks.
"Our deep commitment to the safety of our users requires a strong proactive security strategy, best-of-breed technology, and active engagement with industry leaders," said Ryan McGeehan, threat analyst at Facebook. "MarkMonitor demonstrated that it understood the complexity of the phishing issue we were facing, so it was a natural next step for us to bolster our own security systems with their anti-malware solution."
This week some of Facebook's 200 million users were victims of phishing attacks. One attack took control of users' accounts, sending messages to their friends telling them to check out a specific Web site, fbstar.com. The other incident pointed victims to fbaction.net.
Andy Cutler, a partner in Cutler and Company, was not aware his account had been under the control of a hacker until he received several e-mail and text messages alerting him that his account been phished.
"The first thing I did for survival was to go into my Facebook account and change my password," Cutler said. "I just figured if someone hacked my account, I was not going to tear down the page but to change my password, and I did post a notice on Facebook saying I had been phished and apologized."
Cutler's hacker did some damage by sending a total of 19 different messages averaging 20 different people per message. For Cutler it could have been a communications disaster, as he has 495 friends in his Facebook account.
While the attack didn't cause any major problems to Cutler and his friends, it did hurt Facebook's reputation.
"I tell you what it did do for me -- it put Facebook in a different light for me than other social-network tools," Cutler said. "I'm pretty active in Twitter and Facebook has been a way to keep up with people in my networks, but I have to say I was disappointed in Facebook that this can get through their security system."
Aarin Morrow of Denver thought she was pretty tech-savvy until she became a victim of the fbaction.net attack.
"What happened is a friend of mine was a victim the day before with fbaction.net and I'm very computer tech-savvy and still clicked on it and stupidly logged in," Morrow said. "I said this is weird and e-mailed my friend and asked about the link, and he said he didn't send it." (continued...)