The Facebook Blog
This week, you may have heard about some new phishing websites that were created to look identical to authentic Facebook pages. Phishing is common across the Internet, but the security team at Facebook has been working to halt the spread of these latest malicious sites.
The fake sites, like the one below, use a similar URL to Facebook.com in an attempt to steal people's login information. The people behind these websites, known as "phishers," then use the information to access victims' accounts and send messages to their friends, further propagating the illegitimate sites. In some instances, the phishers make money by exploiting the personal information they've obtained.

When the latest phishing incident surfaced on Wednesday, we quickly blocked the fake links from being shared on Facebook to stop their spread. We've been removing these links from Walls and Inboxes across the site and resetting passwords for any of the compromised accounts we detect. This foils the bad guys, because the login information they collect will no longer work.

Working together
Since phishing is an Internet-wide issue, we also work closely with others in the online security industry to combat these threats. For example, when we find a new phishing site, we send the information to MarkMonitor, a company that adds these phony sites to blacklists. If you've ever visited a website and seen a red sign indicating that it was a "Web Forgery," you've probably seen their work. They also get the fake websites taken down by internet service providers (ISPs), which connect you to the Internet and host websites, and other companies that manage websites. This is what happened with one of the phishing sites involved in the most recent attack. Together, we've responded to over 1,400 phishing sites, including over 240 since the beginning of this year.

Detecting threats
In addition to working with others, we're always improving our own systems. We monitor unusual activity on Facebook to detect threats and protect people on the site. For instance, when someone posts to their friends' Walls at a higher rate than usual, we flag the account as potentially compromised. As online banking websites do, we take a lot of precautions around your login. If we suspect that your account has been compromised, we ask for additional information to confirm your identity.
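The rate-based flag described above, worked through as an added example (this is not Facebook's code, and the log format, account names, window size and thresholds are all constructed for illustration): each account's posts in the last hour are compared against its own average hourly rate over the preceding three days, and an account is flagged only when its recent count is both large in absolute terms and far above its usual rate.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of Wall-post events, one "account,ISO-8601 timestamp" per line.
# This is made-up data in a made-up format, not a Facebook log.
SAMPLE_LOG = """\
alice,2009-05-01T09:00:00
alice,2009-05-01T15:30:00
alice,2009-05-02T10:00:00
alice,2009-05-03T11:15:00
alice,2009-05-04T13:05:00
bob,2009-05-01T08:00:00
bob,2009-05-02T08:10:00
bob,2009-05-03T08:20:00
bob,2009-05-04T13:00:00
bob,2009-05-04T13:00:30
bob,2009-05-04T13:01:00
bob,2009-05-04T13:01:20
bob,2009-05-04T13:01:45
bob,2009-05-04T13:02:05
bob,2009-05-04T13:02:30
bob,2009-05-04T13:03:00
bob,2009-05-04T13:03:15
bob,2009-05-04T13:03:40
"""


def parse_events(log_text):
    """Parse 'account,timestamp' lines into {account: sorted list of datetimes}."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        account, stamp = line.split(",", 1)
        events[account].append(datetime.fromisoformat(stamp))
    for stamps in events.values():
        stamps.sort()
    return events


def flag_bursty_accounts(events, now, window=timedelta(hours=1),
                         baseline_days=3, ratio=5.0, min_posts=5):
    """Return {account: (recent_posts, baseline_per_window)} for accounts whose
    posts in the last `window` number at least `min_posts` and are at least
    `ratio` times the account's own average per-window rate over the preceding
    `baseline_days`. Thresholds are illustrative assumptions, not Facebook's."""
    window_start = now - window
    baseline_start = window_start - timedelta(days=baseline_days)
    windows_in_baseline = timedelta(days=baseline_days) / window
    flagged = {}
    for account, stamps in events.items():
        recent = sum(1 for t in stamps if window_start < t <= now)
        historical = sum(1 for t in stamps if baseline_start <= t <= window_start)
        # An account with no history gets a floor of one post per baseline
        # period, so a burst from a quiet account is still compared to something.
        baseline = max(historical, 1) / windows_in_baseline
        if recent >= min_posts and recent >= ratio * baseline:
            flagged[account] = (recent, baseline)
    return flagged


def flag_from_log(log_text, now_iso):
    """Convenience wrapper: parse the log and evaluate it as of `now_iso`."""
    return flag_bursty_accounts(parse_events(log_text), datetime.fromisoformat(now_iso))


if __name__ == "__main__":
    for account, (recent, baseline) in flag_from_log(SAMPLE_LOG, "2009-05-04T13:30:00").items():
        print(f"{account}: {recent} posts in the last hour vs. baseline "
              f"{baseline:.3f}/hour -> possibly compromised")
```

With the constructed data, `bob` is flagged (ten posts in a few minutes against a history of roughly one a day) while `alice`, who posted once in the same hour, is not. The per-account baseline matters: a fixed global threshold would either miss a compromised quiet account or constantly flag genuinely chatty ones.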
How you can help
To combat these threats, we need your help, too. Protect yourself by always following a few key rules of thumb when you're online:
- Use an up-to-date browser that features an anti-phishing blacklist. Some examples include Internet Explorer 8 or Firefox 3.0.10.
- Use unique logins and passwords for each of the websites you use.
- Check to see that you're logging in from a legitimate Facebook page with the facebook.com domain.
- Be cautious of any message, post or link you find on Facebook that looks suspicious or requires an additional login.
Ryan, an incident response manager on the security team at Facebook, is fishing for phishers.
We've often written about our commitment to keeping Facebook a safe place for you to interact and share information with your friends. We work hard to keep the site free of abuse, spam, and harassment. A recent place where we've been fighting the spam battle has been through sites that ask for a user's login information to use a contact importer, and then spam all of their friends. Our response seems to have confused some people as to why certain content can't be sent through our systems. For example, if you try to send a message that contains a link to a website with an importer, you might get a message like this:

This response is our way of trying to protect everyone's privacy. Right now, the sites that are asking for this information, and that we are blocking as a result, gain complete access and control over your account when you enter your login info—your photos, your private messages, and your friends. In order to protect sensitive data, we make it hard for spam to spread through Facebook.
We know that there are legitimate places where it would be useful to have your Facebook Friend List with you, which is why we've been working so hard on Facebook Connect. Our goal there is to allow you to bring any information you want over to any service you want, while still maintaining all of our privacy standards across the web. That way, you will have control over your information—not anyone else.
Ryan works on the site security team and continues to be a dodge ball ninja.
We take spam prevention seriously here at Facebook, but unfortunately, there is spam on the site. As an example, you may have seen Wall posts advertising free ringtones among other spam, as well as a more malicious form of spam called "Phishing". These two trends are related, and here's why:
Phishing is a method of tricking Internet users into visiting fraudulent websites. Phishing websites are designed to look like the login page of popular websites. Because they look real, people log in, accidentally giving criminals access to their accounts. The criminals can then use those accounts to send spam messages that perpetuate the phishing websites and promote services or products. When a phished account is used by a spammer, more Wall posts that are spam or links to phishing sites are sent out, and the cycle continues.
Wall posts that result from this will look out of place; they either advertise products or ask to log you in to Facebook from another site when clicked. If either case is true, keep in mind that it might be spam or a phishing attempt. We wanted to spend some time giving you tips to help you protect your own account, as well as your friends' accounts.
- Remember, Facebook will never ask for your password in an email, Facebook message, or any medium that isn't the login page. You will, however, need to re-enter your password when you set a security question, change your contact email, or send a virtual gift.
- Be extra aware of weird Wall posts. Don't click on any links—on a Wall or elsewhere—if you don't know where they go.
- Set a security question for yourself on your Account page. If somehow something malicious shuts you out of your account, you will need the answer to that question in order for our User Operations team to let you back in. (If you've already set your security question, you won't see a prompt for it on your Account page.)
- Be extra aware of what website you are using to log in to Facebook (and other websites). Phishing websites can be made to look like other websites (like the Facebook login page), and might try to disguise their URLs. Be smart: www.facebook.com.profile.a36h8su2m8.info/login starts out looking like a legitimate Facebook website, but that a36h8su2m8.info part means it's fraudulent. Set and use a browser bookmark to make sure you always log in from facebook.com.
- If you see a Wall post that looks like spam on a friend's Wall, tell the author to delete it and reset their password immediately.
- Use a modern web browser to benefit from anti-phishing protection.
- Check out opendns.com. This is another method for blocking specific domains that host phishing sites.
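The "look at the part that actually decides where you are going" rule from the tips above, written as a small checker (an added example, not Facebook's or any browser's code). It extracts the host from a URL with the standard library and keeps only the registered domain, so `www.facebook.com.profile.a36h8su2m8.info` is judged by `a36h8su2m8.info`, not by the `facebook.com` text in front of it. The trusted-domain set and the one-label-suffix simplification are assumptions of this example.

```python
from urllib.parse import urlsplit

# Domains whose login pages we trust. An assumption for this example, not an
# official list; a deployment would maintain its own.
TRUSTED_LOGIN_DOMAINS = {"facebook.com"}


def registrable_domain(host):
    """Return the part of `host` its owner actually registered, e.g. 'facebook.com'
    for 'www.facebook.com' and 'a36h8su2m8.info' for
    'www.facebook.com.profile.a36h8su2m8.info'.

    Simplification: treats the last label as the whole public suffix, which is
    right for .com/.info/.org but not for suffixes like .co.uk. A real checker
    would consult the Public Suffix List instead."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else labels[0]


def inspect_login_url(url):
    """Return (trusted, registered_domain) for a URL a person is about to log in on.

    Uses urlsplit().hostname so that only the real host is examined: the path,
    the port, and anything before an '@' are never mistaken for the domain."""
    if "://" not in url:
        url = "http://" + url  # bare hostnames as typed into an address bar
    host = urlsplit(url).hostname
    if not host:
        return (False, "")
    domain = registrable_domain(host)
    return (domain in TRUSTED_LOGIN_DOMAINS, domain)


if __name__ == "__main__":
    for candidate in [
        "https://www.facebook.com/login.php",
        "www.facebook.com.profile.a36h8su2m8.info/login",
        "http://notfacebook.com/",
    ]:
        trusted, domain = inspect_login_url(candidate)
        print(f"{candidate}\n  registered domain: {domain} -> "
              f"{'trusted' if trusted else 'NOT trusted'}")
```

Note that a plain substring test (`"facebook.com" in url`) would pass both the lookalike subdomain and `notfacebook.com`; anchoring the comparison on the registered domain is what makes the check meaningful.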
If you think you've been phished or find a phishing site,
- Reset your password on your Account page.
- Report the issue to Facebook here.
- Submit phishing sites here and here.
Phishing is nothing new, so on our end, we're hard at work developing solutions to make Facebook more resilient to phishing. You may see more changes to Facebook designed to protect your privacy against phishing attacks in the future. If there's anything left unanswered, check out our Security Center.
Ryan works on the site security team and is a dodgeball ninja.