Mumbai: Facebook users, who were alarmed by reports on Wednesday that hundreds of accounts were attacked by spam, may breathe easy now.
The networking site has said “no accounts have been compromised” but security experts and new media firms caution cybercriminals will continue to prey on gullible users.
Social networking sites are very popular across the globe. Facebook has at least 750 million users worldwide, including 38 million from India.
LinkedIn, a professional networking site, has 12 million users in India and microblogging site Twitter has eight million.
Quite a few private banks besides auto, realty and consumer goods firms have a presence on Facebook or Twitter, besides being on Google+ and LinkedIn.
Industry estimates peg digital spends on social networking sites in India at around $45 million this year, estimated to rise to $250 million by 2013.
“It’s a catch-22 situation for companies who have no choice but to embrace these sites in a digital age since they know that the youth they target are on these social networks,” said Hareesh Tibrewala, social media strategist, owner and joint chief executive officer (CEO) at SocialWavelength, a social media firm.
“But such reports scare and deter smaller companies from embracing these digital avenues. Facebook should include multiple levels of authentication as an additional security measure to reassure users and companies,” he added. Adhvith Dhuddu, founder and CEO at AliveNow, a social media firm, said privacy, security and trust are at the crux of social networking sites.
“Millions of people spend millions of hours on Facebook daily, and if these kinds of issues persist, it will make brands and companies very nervous,” he said. A Facebook statement on Thursday said: “We are always working to improve our systems to isolate and remove material that violates our terms, and take action on those who is responsible for these types of content.”
Internet security firms are not fully convinced. Amit Nath, country manager, India and Saarc, Trend Micro, cited the threat of ‘malvertisements’—an infection chain wherein the user is led from a page within Facebook to a couple of ad sites and then, finally, to a page that hosts a form of malware.
“Users are advised to be careful when it comes to installing Facebook applications and to utilize a security product with a strong Web reputation technology that can help determine bad links from good ones within a social networking environment,” Nath said. Jagannath Patnaik, director, channel sales of security firm Kaspersky Lab, agreed that “users need to discipline themselves, and should buy licensed security tools to protect themselves against viruses and malware.” These tools, some of which have been specially designed for social networking sites, cost Rs 500-750.
Security firm Sophos in its Security Threat 2011 report lists “clickjacking” as a threat, which uses maliciously created pages. Sharing or “liking” the content in question sends the attack out to contacts through newsfeeds and status updates.
Stories of suicide, car crashes and shark attacks were all clickjacking scams in 2010.
“Likejacking” attacks (essentially clickjacking by “liking” something on Facebook) were also termed a nuisance.
Spamming on social networks rose in 2010, with 67% of people surveyed receiving spam messages, up from 57% at the end of 2009 and 33% in the middle of that year. Phishing and malware incidents were also rife, with 43% of users spotting phishing attempts and 40% receiving malware, according to Sophos.