Note to Facebook users: You’ll most likely receive more phishing emails on Facebook than you’re on Google, IRS (Internal Revenue Service) and RapidShare, according to a scam report released by Kaspersky Lab this month. Perhaps it’s no big surprise as Facebook has more than 400 million users and became one of the most popular targets for phishing scams.

On the report, it compiled that Facebook is accounted for 5.7 percent of the phishing pie chart, and thus ranks fourth in the top 10 most popular phishing targets in the first quarter of 2010 across the Web. Meanwhile, the report said that the first most targeted is PayPal, followed by eBay and HSBC is ranked as number three.

On the other hand, with 5.7 percent of the total volume of phishing attacks that Facebook confronted, it is more targeted than Google, which ranked 5th with 3.1 percent, followed by the IRS with 2.2 percent, and RapidShare, the popular hosting site, with 1.8 percent respectively; see the pie chart below.

Source: available at http://www.kaspersky.com/images/vlill/q1_spam2010_pic09_en.png, accessed May 20, 2010

Thinking of your account safety but you do not know how to configure Facebook privacy settings properly? Watch the embedded video in the below and see if it’s right for you.

In fact, the video was produced by ConnectSafely.org, a non-profit Internet safety organization and it’s a 5 and a-half min length video.

Enjoy!

As announced in Facebook’s official blog, they have introduced two main new security features to further protect their user accounts from hackers and scammers.

From now on, users can choose to be notified when their accounts are being accessed from the computers or mobile devices they haven’t used before. Should Facebook detect any suspicious login with the user account, they will ask the person to name the device name, in addition to send an email notification to the account holder as a warning message.

However, to enable this new Facebook security feature, Facebook users have to log-in to their accounts and manually configure the following setting:

1) Log in and click on “Account” at the top right of the page

2) Then on account page, click on “Settings”

3) On the Account Settings page, click on “Account Security”

4) The last step is to change the selection from No to Yes, as shown in the below picture.

Meanwhile, they also add a new layer of security that works at the personal security question; whenever there is a suspicious login, Facebook will prompt the person for identity confirmation.

In fact, the back-end mechanism of these features is targeting at the IP level to automatically match the IP address of one logged in to Facebook, and hopefully these new additions can help to further protect Facebook users from malicious individuals.

Good news for the Facebook users, Facebook has re-enabled its chat feature.

In fact, the chat feature was down for maintenance on Wednesday in response to a report that exposed a security bug. In the report, it said users can access and view the private chat messages and also the pending friend requests by simply controlling the preview of the profile of Facebook’s privacy settings.

Nevertheless, it seems Facebook has finally worked out the known bugs in its chat feature, and hopefully there will be “no” other similar bugs popped up in near future.

If you came across an email asking you to download the Facebook toolbar, with the email heading, i.e. Try the New Facebook Toolbar! Please delete it straight away.

As shown in the below picture, it is clear that the virus authors are using a subtle way to lure potential victims into downloading a toolbar. Perhaps, download the new Facebook toolbar will get users a better way to share and connect with friends is more tempting than anything else.

The email also comes with an executable file, i.e. toolbar.exe. This toolbar.exe is presented itself with an icon of a black ball with “darkSector” written on it and it is detected as a Trojan.Dropper by Symantec.

Typically, Trojan.Dropper is a standalone program that drops different type of standalone malware (trojans, worms, backdoors) to a system. Once executed, it will extract all files it contained to some folder (usually temporary folder) and runs all of them simultaneously. In many cases, Trojan-Droppers also drop and executes to display games, images or messages, which serve as decoys to avert attention from malicious activities.

According to Australian ABC News, Facebook is now examining its accounts of users whose passwords have been hacked by a Russian hacker.

The hacker who called himself Kirllos claimed to have the account details amounted to 1.5 million Facebook users. What’s more, the hacker is offering to sell the login details of accounts hacked by him for a price in between US$25 and US$45 per batch as 1,000 user logins stands for one batch.

In the meantime, Facebook is urging its users who feel their accounts are compromised to follow steps on its security page.

“We’re investigating the accounts in question so that we can block access to any that might be compromised and restore them to their rightful owners,” spokeswoman Maureen O’Hara said.

“We invest heavily in helping people keep their accounts secure and have a team of security professionals who investigate specific attacks on our users and work with law enforcement to pursue those responsible.”

Ironically, it seems the Facebook account selling was not started on this month, but months ago when the hacker registered his account in one of the forums in Russia namely Antichat.ru on last December. There are few topic forums found on that forum with a heading, i.e. “[Sell] Facebook” and batch by batch of Facebook accounts hacked have been posted by kirllos from 2nd January to 8th February in this year.

Sadly, this kind of incident should not be happened on Facebook. The reality is that there are still many, and many users do not aware of how important of keeping their accounts safe.

In this matter, users are advised to be wary of logging onto their Facebook accounts other than the official Facebook page, i.e. facebook.com domain.

In addition, it’s a good practice to use version updated Web browser when facebooking on the Web, and choose the unique logins and passwords for each of the different Web sites you used. Also, be cautious of any message, post, or link that looks suspicious or requires an additional login, even if it is coming from a friend.

Phishing campaigns on social networks are not new. The scammers are not satisfied only for pushing spam to sell “Canadian” pills. Now they are using all sorts of phishing campaigns to steal your Facebook password, and constantly change their tactics such as trick the users to download a keylogger so that they can collect your credit card numbers, and etc.

Now the main issue is, how can you tell if your personal information is being phished in Facebook? Here are some useful tips provided by TrendMicro:

- Check the email’s content. Misspellings and grammatical mistakes are very common in spammed messages.

- Check the sender’s email address. A legitimate Facebook email sender will have a facebook.com and not a facebookmail.com address.

Don’t be misled. Facebook Wall strongly advise that you follow the aforesaid tips and stay safe when networking with all your friends in Facebook.

McAfee, one of the leading Internet security firms has launched a Facebook page called Moms Against Cybercrime. On this page, you’ll find all the tips on which how parents keep their kids safe when they go online. Besides with the tips, there are videos, blog posts that synchronized from McAfee’s Security Insights blog.

In fact, Moms Against Cybercrime is a Facebook page for parents. Parents will be equipped with all the common sense and ways to keep their children safer online after they read all the notes posted on the page. Do what as the cybersafety advocates suggested, i.e. know well about what your kids were doing on the Web. I think for parents, they should learn more about the ways to keep their kids or teens’ online safety, so that they can strike a right balance between concern and supervision.

According to AP, the private photographs of celebrity Paris Hilton and Facebook chief executive Mark Zuckerberg have been exposed by a Vancouver, Canada computer technician namely Byron Ng. Ng was reported that he has started to look for the Facebook security weaknesses since last week and surely he found his way to access to some Facebook private photos that were supposedly be protected. It was a serious blow to Facebook as they just launched two new security features which include a “Friends of Friends” privacy option last week. It seemed like for some unscrupulous hackers, the tricks they’re manipulating could helped them in divulge personal information of all the Facebook users, including you and me. That is sad, and identified as a predictor that Facebook is still not at its best to protect the valuable users’ data.

Though Facebook spokeswoman Brandee Barker said Facebook was patched the bug after the security alert within an hour, this is neither the first time nor the last time a Facebook photo flaw can be found on the Web. A blog called laatedaa has published a post on the issue of Facebook private photos code in January. On that blog, a user can simply follow the instructions and enter the Web address, she is allowed to access to somebody’s Facebook private photo albums. (Update: A most latest comment showed that the code doesn’t work anymore)

Nonetheless, that such security flaw happen is alarming. We, as the Facebook users didn’t have much choice in preventing the revelation of data.

via [AP]