Search results for scams
    • by Alok Menghrajani on Tuesday, September 29, 2009 at 12:47pm
      At Facebook, we take your security very seriously and have dedicated teams across the company that focus specifically on protecting people's accounts and fighting cybercrime. Recently we have noticed an increase in scams where people's login information is collected through phishing sites and then their accounts are accessed without permission to ask friends for money. While the total number of people who have been impacted is small, we take any threat to security seriously and are redoubling our efforts to combat the scam.

      In this attack, commonly known as a 419 scam, fraudulent individuals access Facebook accounts and pose as the account owner, claiming to be stranded in a foreign country without access to money. Once they've logged in, the scammers send Facebook Inbox and Chat messages and may even post status updates to the person's profile asking friends to send money, usually through Western Union, a money transfer service.

      We've posted the full transcript of a real chat conversation between a Facebook user and a scammer to the Facebook Security Page, along with tips to avoid being scammed and instructions on how to report a compromised account. We've also worked with Western Union to help educate consumers about this scam. Western Union has posted a warning about the scam on their website, and they continue to educate their employees on this and other scams.

      On the technical side, we have improved a number of our automated systems to better handle this unique class of scam and are taking efforts to ensure that we adapt our response to the scam as it changes. At the same time, our security team is working with law enforcement and collaborating with email providers and other industry experts to identify and catch the criminals responsible. Western Union also is working closely with law enforcement on scams such as this one.

      While only a small number of people have experienced this type of scam on Facebook, we are committed to constantly improving our systems and implementing additional measures to better respond. We need your help too. Educate yourself on this scam and others by becoming a fan of the Facebook Security Page, and report any suspicious activity you see using the report links on the site and the contact forms in our Help Center.

      Alok, a software engineer on the site integrity team, builds systems to protect you and fight crime.
    • by Ryan McGeehan on Friday, May 1, 2009 at 6:06pm
      This week, you may have heard about some new phishing websites that were created to look identical to authentic Facebook pages. Phishing is common across the Internet, but the security team at Facebook has been working to halt the spread of these latest malicious sites.

      The fake sites, like the one below, use a similar URL to Facebook.com in an attempt to steal people's login information. The people behind these websites, known as "phishers," then use the information to access victims' accounts and send messages to their friends, further propagating the illegitimate sites. In some instances, the phishers make money by exploiting the personal information they've obtained.

      When the latest phishing incident surfaced on Wednesday, we quickly blocked the fake links from being shared on Facebook to stop their spread. We've been removing these links from Walls and Inboxes across the site and resetting passwords for any of the compromised accounts we detect. This foils the bad guys, because the login information they collect will no longer work.

      Working together

      Since phishing is an Internet-wide issue, we also work closely with others in the online security industry to combat these threats. For example, when we find a new phishing site, we send the information to MarkMonitor, a company that adds these phony sites to blacklists. If you've ever visited a website and seen a red sign indicating that it was a "Web Forgery," you've probably seen their work. They also get the fake websites taken down by internet service providers (ISPs), which connect you to the Internet and host websites, and other companies that manage websites. This is what happened with one of the phishing sites involved in the most recent attack. Together, we've responded to over 1,400 phishing sites, including over 240 since the beginning of this year.

      Detecting threats

      In addition to working with others, we're always improving our own systems. We look at unusual activity on Facebook to detect threats to protect people on the site. For instance, when someone posts to their friends' Walls at a higher rate than usual, we flag the account as potentially compromised. Similar to online banking websites, we take a lot of precautions around your login. If we suspect that your account has been compromised, we ask for additional information to confirm your identity.

      How you can help

      To combat these threats, we need your help, too. Protect yourself by always following a few key rules of thumb when you're online:

        • Use an up-to-date browser that features an anti-phishing black list. Some examples include Internet Explorer 8 or Firefox 3.0.10.
        • Use unique logins and passwords for each of the websites you use.
        • Check to see that you're logging in from a legitimate Facebook page with the facebook.com domain.
        • Be cautious of any message, post or link you find on Facebook that looks suspicious or requires an additional login.
        • Become a fan of the Facebook Security Page for more updates on new threats as well as helpful information on how to protect yourself online.

      Ryan, an incident response manager on the security team at Facebook, is fishing for phishers.
    • by Lev Popov on Thursday, May 13, 2010 at 1:25pm
      At Facebook, we're constantly working on new ways to protect you from scams and help you keep your account and information secure. Today, we're announcing some new tools and systems designed to keep the bad guys out and keep you abreast of suspicious activity so you can quickly take action to correct it.

      We've always devoted significant time and effort to security. We've built technical systems that operate behind the scenes to quickly detect and block suspicious behavior, delete phony posts and messages, and return compromised accounts to their rightful owners. Most of these systems are invisible to the average person who uses Facebook. Very few people will ever experience a security issue on Facebook, which means that most of you have probably never noticed these systems at work. Rest assured that these systems are there, though, protecting you and your friends.

      Login Notifications

      Over the last few weeks, we've been testing a new feature that allows you to approve the devices you commonly use to log in and then to be notified whenever your account is accessed from a device you haven't approved. This feature is now available to everyone.

      To try it out, go to the Account Settings page and click on the link next to "Account Security" at the bottom of the page. If you select the option to receive notifications for logins from new devices, when you log in, you'll be asked to name and save the various devices you use to access Facebook. For example, you can save your home computer, your school or work computer, and your mobile phone. Once you've done this, whenever someone logs in to your account from a device not on this list, we'll ask the person to name the device.

      We'll also send you an immediate email notification - and if you want, a text message - so that you're always up to speed on how your account is being accessed. This notification will provide steps on how to reset your password and remove the device, so you can quickly secure your account if it's being accessed from a device you don't recognize.

      We're not aware of any other service that does this, and we encourage you to try it out.

      Blocking Suspicious Logins

      We've also built a new system to block suspicious logins before they happen. When we see that someone is trying to access your account from an unusual device, we'll ask the person to answer an additional verification question to prove his or her identity as the real account owner. For example, we might ask the person to enter a birth date, identify a friend in a photo or answer a security question if you've previously provided one. These questions are designed to be easy for you, and hard for a bad guy, and we've already seen some great results.

      Once you've confirmed your identity, you'll have the opportunity to review recent logins on your account and reset your password if you see logins that you don't recognize.

      You won't go through this flow often. We'll only ask you to prove your identity on the rare occasion that we notice something different. If you're ever asked to go through this flow, that's just Facebook's site integrity team saying "Hi" and that we're here to help you protect your account.

      We're confident that these new tools and systems will do a lot to prevent unauthorized logins and the nuisance they can cause. As always, though, the first line of defense is you. We need you to help by practicing safe behavior on Facebook and wherever you go online. Be careful where you enter your password, and don't download suspicious-looking software. We've posted more tips and information on how to be safe on our Facebook Security Page, so check it out and "Like" it for ongoing updates.

      Lev Popov, a software engineer on Facebook's site integrity team, is keeping track of his Facebook logins.
    • by Max Kelly on Thursday, August 7, 2008 at 8:25pm
      Most people use the internet without being aware of the constant threat of hackers, spammers, and phishers. Due to the nature of the internet, and the nature of malicious software, most websites will at some point need to deal with patching a security hole. All good websites take these issues very seriously, since no one wants users to suffer. At Facebook, where people keep so much of their lives and information, we've built an amazing security team solely focused on making sure our users have a safe experience on the site.

      The security team at Facebook is dedicated to investigating and auditing our own code for holes, as well as reaching out to people in an extended community to let us know if we've missed anything. If we get a report of a bug or a hole from a user, a security researcher, a reporter, blogger, or anyone, we check it out and fix it as quickly as possible. In fact, we appreciate it when help comes our way from the many security experts and organizations out there. That's why many of us are attending DEFCON this weekend. DEFCON is one of the largest and oldest running hacker conventions, held in Vegas. By going and learning from other people in the online security space, we make keeping people safe online a joint effort.

      Even right now, as we're preparing to leave for DEFCON, we spent most of last night working on a fix for a worm, which was targeting people on Facebook and placing messages on Walls urging users to view a video that pretends to be hosted on a Google or YouTube website. We've identified and blocked the ability to link to the malicious websites from anywhere on Facebook. Less than .002 percent of people on Facebook have been affected, all of whom we notified and suggested steps to remove the malware.

      As a Facebook user you can help us protect you by doing the following things:

        • Report any spam message or posting you see. The more reports we get, the easier it is for us to respond decisively.
        • Never share your Facebook password with anyone. Never. No Facebook employee will ever ask for it, and no one else should know it. If you are ever prompted to log in to Facebook, make sure it's from a legitimate Facebook web address. If something looks or feels off, go directly to www.facebook.com to log in.
        • If your Windows PC or Mac is ever infected with malware or a virus, check out these helpful sites: http://www.microsoft.com/security/default.mspx or http://support.apple.com/kb/HT1222
        • Finally, just as in your off line community, be aware of your surroundings in your online community. If a user doesn't seem right, or says or posts something that you feel is threatening or inappropriate, report it to us. We work hard to keep Facebook as safe as we can.

      The security team is always happy when we see spammers complain that it is too hard to make a profit from Facebook. We're also happy when we hear from our users that they consider us a safer place to be online.

      Max Kelly is Head of Security at Facebook and hopes that if you are attending DEFCON, you will find him (or someone else from the Facebook team) and say hey.
    • by Caroline Ghiossi on Tuesday, June 29, 2010 at 4:17pm
      As a global service connecting 400 million people, Facebook has helped build and extend communities around the world. As with any community, the benefits of bringing people together are occasionally accompanied by inappropriate or unacceptable conduct by a small number of people. This behavior ranges from thoughtless to criminal and can degrade the experience for others or undermine the community itself.

      On Facebook, the most common unacceptable behavior involves some abuse of our communication tools. This can be as innocent as annoying others with too many messages or friend requests or as serious as deliberately trying to spam others for commercial gain.

      We take these deliberate spam attacks seriously and devote a tremendous amount of our engineering time and talent to build systems that detect suspicious activity and automatically warn people about inappropriate behavior or links. Because of our efforts, only a very small percentage of people who use Facebook has ever experienced spam or a security issue.

      Every once in a while, though, people misunderstand one of these systems. They incorrectly believe that Facebook is restricting speech because we've blocked them from posting a specific link or from sending a message to someone who is not a friend. Over the years, these misunderstandings have caused us to be wrongly accused of issues ranging from stifling criticism of director Roman Polanski over his sexual abuse charges to curbing support for ending U.S. travel restrictions on Cuba to blocking opponents of same-sex marriage.

      To try to be more transparent, we've been working to improve our warnings and make them more clear. We'd also like to take this opportunity to explain in more detail how our systems work.

      New warning explaining why content has been blocked.

      With billions of pieces of content being shared on Facebook every month and bad actors constantly targeting the people who use Facebook, preventing spam isn't easy. Just as a community relies on its citizens to report crime, we rely on you to let us know when you encounter spam, which can be anything from a friend request sent by someone you don't know to a message that includes a link to a malicious website.

      Using information from your reports and what we know about how the average person uses Facebook, we've identified certain common patterns of unacceptable behavior. For example, we've learned that if someone sends the same message to 50 people not on his or her friend list in the span of an hour, it's usually spam. Similarly, if 75 percent of the friend requests a person sends are ignored, it's very likely that that person is annoying others he or she doesn't actually know.

      We can't share all of the details of how these systems work because if we did, the spammers might try to get around them. However, they're designed to automatically detect suspicious behavior, block it and warn the person who's engaging in it to slow down. In extreme cases where the behavior continues despite our warnings, we may disable the person's account.

      When this happens, it usually isn't a person's account at all but a fake account or a real account that's been compromised. The compromised accounts are put into a process to give control back to the rightful owner. In all other cases, we always give the person an opportunity to appeal the decision by contacting us. We then review the account and reactivate it if we determine that the person hasn't violated our Statement of Rights and Responsibilities. For more information on our warnings, check out our Help Center.

      These automated systems don't just prevent spam and other annoyances. They also protect against dangerous websites that damage your computer or try to steal your information. When we're notified about one of these sites, we immediately add it to a block list and prevent Wall posts or messages that link to it. We also provide the person who's attempting to share the link with an explanation of why it's blocked and a way to correct us if we're wrong.

      Sometimes, spammers try to hide their malicious links behind URL shorteners like Tiny URL or bit.ly, and in rare cases, we may temporarily block all use of a specific shortener. If you hit a block while using a URL shortener, try a different one or just use the original URL for whatever you're trying to share.

      These systems are so effective at working in the background that most people who use Facebook will never encounter one. They're not perfect, though, and we're always working to improve them. We do this by actively monitoring appeals and learning from the rare cases in which we make mistakes.

      If you do encounter one of our spam prevention systems, remember that its sole intent is to protect you and maintain Facebook's trusted environment.

      Caroline Ghiossi, an associate on Facebook's user operations team, is fighting spam.
    • Topics: Security, Abuse, Spam
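The two example patterns named in the post above (one message sent to 50 non-friends within an hour, and 75 percent of friend requests ignored) can be expressed as detection rules over an event log. This is an added example, not Facebook's code or part of the original post; the event tuple layout, the case and whitespace normalization, the exclusion of pending requests and the `MIN_REQUESTS` floor are assumptions, and all sample data is constructed.

```python
from collections import defaultdict, deque
from hashlib import sha256

WINDOW_SECONDS = 3600     # "in the span of an hour" (threshold from the post)
NON_FRIEND_LIMIT = 50     # "50 people not on his or her friend list"
IGNORED_RATIO = 0.75      # "75 percent of the friend requests ... are ignored"
MIN_REQUESTS = 20         # assumption: minimum decided requests before judging


def normalize(text):
    """Collapse case and whitespace so trivial edits map to one digest."""
    return sha256(" ".join(text.lower().split()).encode()).hexdigest()


def flag_mass_messaging(messages, friends):
    """messages: iterable of (ts, sender, recipient, text), sorted by ts.
    friends: dict mapping sender -> set of friend ids.
    Returns senders who sent one message body to at least NON_FRIEND_LIMIT
    distinct non-friends inside a sliding one-hour window."""
    windows = defaultdict(deque)   # (sender, digest) -> deque of (ts, recipient)
    flagged = set()
    for ts, sender, recipient, text in messages:
        if recipient in friends.get(sender, set()):
            continue               # messages to friends do not count
        win = windows[(sender, normalize(text))]
        win.append((ts, recipient))
        while win and ts - win[0][0] >= WINDOW_SECONDS:
            win.popleft()          # drop sends that fell out of the window
        if len({r for _, r in win}) >= NON_FRIEND_LIMIT:
            flagged.add(sender)
    return flagged


def flag_ignored_requests(requests):
    """requests: iterable of (sender, outcome), where outcome is one of
    "accepted", "ignored" or "pending". Pending requests are undecided and
    excluded. Returns senders whose ignored share is >= IGNORED_RATIO."""
    counts = defaultdict(lambda: [0, 0])   # sender -> [ignored, decided]
    for sender, outcome in requests:
        if outcome == "pending":
            continue
        counts[sender][1] += 1
        counts[sender][0] += outcome == "ignored"
    return {s for s, (ign, total) in counts.items()
            if total >= MIN_REQUESTS and ign / total >= IGNORED_RATIO}


def sample_events():
    """Constructed sample data, not real traffic."""
    friends = {"alice": {"bob"}, "mallory": set(), "carol": set()}
    msgs = [(i * 60, "mallory", f"u{i}",
             "Watch this VIDEO now" if i % 2 else "watch  this video NOW")
            for i in range(50)]                  # 50 non-friends in 49 minutes
    msgs += [(i * 120, "carol", f"v{i}", "Is this still for sale?")
             for i in range(50)]                 # same count, spread over 98 minutes
    msgs += [(i, "alice", "bob", "lunch?") for i in range(60)]   # friend traffic
    msgs.sort(key=lambda m: m[0])
    reqs = [("mallory", "ignored")] * 18 + [("mallory", "accepted")] * 4
    reqs += [("alice", "accepted")] * 15 + [("alice", "ignored")] * 10
    reqs += [("carol", "ignored")] * 5           # too few requests to judge
    return friends, msgs, reqs


if __name__ == "__main__":
    friends, msgs, reqs = sample_events()
    print("mass messaging:", sorted(flag_mass_messaging(msgs, friends)))
    print("ignored requests:", sorted(flag_ignored_requests(reqs)))
```

The sliding window is why the slower sender is not flagged: at most 30 of its sends ever fall inside one hour, even though the total count equals the flagged sender's.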
    • by Paul C. Jeffries on Wednesday, February 20, 2008 at 8:30am
      Recently, a lot of people have been frustrated by applications that inappropriately require you to invite friends. This generates a bad experience for both application users and their friends who receive unwanted invitations. We've been reading all your emails on the topic; there are even Facebook groups and a scheduled protest event devoted to the issue.

      We've been working on several improvements to prevent this and other abuses by applications. We'll continue to make changes, but wanted to share some of what's new:

        • When you get a request from an application, you now have the ability to "Block Application" directly from the request. If you block an application, it will not be able to send you any more requests.
        • A few weeks ago, we added the ability to "Clear All" requests from your requests page when you have a lot of requests and invitations that you haven't responded to yet.
        • Your feedback now determines how many communications an application can send. When invitations and notifications are ignored, blocked, or marked as spam, Facebook reduces that application's ability to send more. Applications forcing their users to send spammy invitations can wind up with no invitations at all. The power is in your hands; block applications that are bothering you, and report spammy or abusive communications, and we'll restrict the application.
        • We've explicitly told developers they cannot dead-end you in an "Invite your Friends" loop. If you are trapped by an application, look for a link to report that "This application is forcing me to invite friends". Your reports will help us stop this behavior.
        • We've added an option to the Edit Applications page that allows you to opt-out of emails sent from applications you've already added. When you add a new application, you can uncheck this option right away.
        • Applications must now give you advance warning if you'll need to invite friends to get information or access content. So you should always know ahead of time if that quiz you're taking will require you to invite friends to see your results. If you see applications withholding content without warning, go to that application's About page to report it.

      We're always looking for ways to make Facebook even better. These changes should solve a lot of the problems you've been noticing. We're always listening to your feedback, so please continue to send in your suggestions here.

      Paul leads the Platform Developer Operations & Support team.
    • by Max Kelly on Monday, November 24, 2008 at 10:16am
      Last Friday, Facebook won an important victory for our users – and against spam and those who create it.

      We've all experienced spam – those unwanted and, sometimes, inappropriate marketing messages. The bad guys behind those messages are always looking to find new ways to annoy people and Facebook's users have been among those targeted. We don't take this affront to our users lying down.

      In a court in San Jose, after a legal proceeding lasting four months, federal Judge Jeremy Fogel awarded Facebook $873 million in damages against Adam Guerbuez and Atlantis Blue Capital for sending sleazy messages to our users. The award is the largest judgment in history for an action brought under Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM).

      Does Facebook expect to quickly collect $873 million and share the proceeds in some way with our users? Alas, no. It's unlikely that Guerbuez and Atlantis Blue Capital could ever honor the judgment rendered against them (though we will certainly collect everything we can). But we are confident that this award represents a powerful deterrent to anyone and everyone who would seek to abuse Facebook and its users.

      This judgment is the result of the tireless effort of our security experts, legal team and the other significant resources we've devoted to finding, exposing and prosecuting the sources of spam attacks. These efforts complement the sophisticated technical systems we continue to develop to limit the impact of these attacks or to block them altogether.

      Everyone who participates constructively in Facebook should feel confident that we are fighting hard to protect you against spam and other online nuisances. We will continue to invest in this area by improving our technical safeguards and devoting significant resources to finding, exposing and prosecuting the sources of spam attacks.

      Max Kelly is Facebook's Director of Security.
