Keeping You Safe from Scams and Spam

May 12, 2011 at 9:59am

Facebook is committed to bringing you a safe experience on the Internet, and today we are announcing several new features to help protect you while online.

 

Partnership with Web of Trust

 

First, we're happy to announce a partnership with Web of Trust. Web of Trust is a free safe surfing tool that tells you which websites you can trust based on the ratings supplied by other Web of Trust community members. Facebook already has a system that automatically scans links to determine whether the websites associated with those links are spammy or contain malware.

 

 

This partnership will help us improve our system by providing additional bad links, and in the coming months, we expect to massively increase our coverage even further by working with other industry leaders. You can become a part of this community too by using the Web of Trust add-on and leaving your own ratings.

 

Clickjacking protection

 

Spammers sometimes take advantage of a vulnerability in the web browser to try to trick people into clicking on links they might not want to click on. This is called clickjacking, and it’s done by overlaying the link with something more enticing, like a phony offer.

 

We have built defenses to detect clickjacking of the Facebook Like button and to block links to known clickjacking pages. Recently, we improved our systems to also alert people if we think they’re being tricked. Now, when we detect something suspicious, we’ll ask you to confirm your like before posting a story to your profile and your friends’ News Feeds.

 

If you have already clicked on a link resulting in an addition to your "Likes and Interests" section of your profile, you can edit your "Likes and Interests" field by clicking "Edit My Profile" underneath your profile picture. Then, select "Likes and Interests" from the left column menu.

 

Self-XSS Protection

 

Spammers take advantage of another browser weakness by asking people to copy and paste malicious code into their address bar, which then causes the browser to take actions on those people’s behalf, including posting status updates with phony links and sending spam messages to all friends.

 

 

We have been working hard to improve our systems that detect and block these types of attacks, as well as to educate people on what is causing their accounts to send spam. Now, when our systems detect that someone has pasted malicious code into the address bar, we will show a challenge to confirm that the person meant to do this, and we will explain why it’s a bad idea.

 

 

We are also working with the major browser companies to fix the underlying issue that allows spammers to do this. Internet Explorer 9 has already put some protections in place, and we are talking with others about providing similar protections.

 

Login Approvals

 

Finally, our newest advanced security feature, Login Approvals, is now available to everyone who uses Facebook. This is a two-factor authentication system that we first announced last month. If you choose to use it, whenever you log in to Facebook from a new or unrecognized device, we’ll require that you also enter a code we send to your mobile phone via text message.

 

 

If we see a login attempt from a device you haven’t saved, you'll be notified upon your next login and asked to verify the attempt. If you don’t recognize this login, you'll be able to change your password with the knowledge that while someone else may have known your login credentials, he or she was unable to access your account or cause any harm.
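A minimal sketch of the Login Approvals flow described above, added here as an illustration and not Facebook's code. The class and method names, the 6-digit code, the 5-minute lifetime and the 3-attempt limit are all assumptions.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed lifetime; the post does not state one
MAX_ATTEMPTS = 3        # assumed retry limit; the post does not state one

class LoginApprovals:
    """Hypothetical model of the described flow for a single account."""

    def __init__(self, send_sms):
        self.send_sms = send_sms   # callable(code) that delivers the text message
        self.saved_devices = set()
        self.pending = {}          # device_id -> [code, expires_at, attempts_left]
        self.unverified = set()    # devices that had the password but no valid code

    def begin_login(self, device_id, now=None):
        """Call after the password check passes. Returns 'ok' or 'code_required'."""
        now = time.time() if now is None else now
        if device_id in self.saved_devices:
            return "ok"
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.random()
        self.pending[device_id] = [code, now + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        self.unverified.add(device_id)
        self.send_sms(code)
        return "code_required"

    def submit_code(self, device_id, code, save_device=False, now=None):
        now = time.time() if now is None else now
        entry = self.pending.get(device_id)
        if entry is None or now > entry[1]:
            self.pending.pop(device_id, None)     # unknown or expired challenge
            return False
        # Constant-time comparison; bytes so non-ASCII input cannot raise.
        if not hmac.compare_digest(entry[0].encode(), code.encode()):
            entry[2] -= 1
            if entry[2] <= 0:
                del self.pending[device_id]       # guessing budget exhausted
            return False
        del self.pending[device_id]               # a code is single-use
        self.unverified.discard(device_id)
        if save_device:
            self.saved_devices.add(device_id)
        return True

    def attempts_to_review(self):
        """Attempts to show the owner at next login, then clear."""
        review, self.unverified = sorted(self.unverified), set()
        return review
```
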

 

 

Find out more about Login Approvals over at the Facebook Engineering Page.

 

We hope you’ll follow these tips and use the protections we have provided. To learn more about how to keep your information safe on Facebook and across the internet, please visit the Facebook Security Page.

 

Clement Genzmer, security engineer, is searching and destroying malicious links.

 

Have you or your friends been affected by this scam? Visit our Help Center to learn more.