Facebook unveils latest security measures

Security analysts have warned that Facebook’s latest security developments against spam e-mail and online fraud may have mixed results in terms of effectiveness and the quality of the user experience.

The social network on Thursday announced a new partnership with Finnish company, Web of Trust, which collects user reviews of suspicious websites and gives them a safety rating. Once a user clicks on a questionable link, Web of Trust’s software will warn them of any risk and give them the option of ignoring the warning or avoiding the site.

As part of the latest security development, Facebook will fold Web of Trust’s bank of about 31m rated websites into its own database of suspicious sites.

“In the coming months, we expect to massively increase our coverage even more by working with other industry leaders,” Facebook wrote in a blog post.

Analysts say the partnership is a good first step, but offering the Web of Trust rating service to Facebook’s 500m users could make it a target for scammers looking to exploit the system.

“As soon as the site is open enough so everyone can contribute, it’s open enough so criminals can manipulate it,” said Chester Wisniewski, a security adviser with Sophos, a computer security firm. “If you’re a criminal and you want to get your link on Facebook, you pretend to be 10m computers and start entering ratings in Web of Trust saying that you’re awesome.”

Spammers are notorious for adapting quickly to new protections. While the rating system will filter out many harmful sites, analysts say, sophisticated spammers will simply alter the malicious URL to circumscribe security.

“We’ll see scammers run through a thousand different domain names in an hour,” Mr Wisniewski said.

For users whose passwords may have been stolen by a scammer, Facebook also implemented on Thursday a new opt-in two-step login process similar to online banking verifications. The process will ask users to enter their usual password, plus a special one-time code sent to their mobile phone when logging in from an unrecognised computer.

Ray Valdes, an analyst with Gartner, a technology research firm, said both the double verification and the social rating systems were worthwhile steps similar to what other leading sites like Google and Yahoo were doing, they wouldn’t have a significant impact on certain scams recently circulating on Facebook.

“There will continue to be new attempts to exploit vulnerabilities as part of this ongoing cat-and-mouse game,” he said.

Copyright The Financial Times Limited 2017. All rights reserved. You may share using our article tools. Please don't cut articles from FT.com and redistribute by email or post to the web.