Facebook’s Security–Unacceptable

I logged onto Facebook today to find two friends with hacked accounts. Each had sent an email to a long list of friends. The email contained a single URL. Of course the URL didn’t come from my friends and the purpose of sending it was nefarious. This has happened before… it has happened many times before.

There were telltale signs. The destination URL led to what looked like Facebook’s login page, though it had a Russian URL. The text was obviously written by a non-native English speaker confused about when to use “helps” versus “help.” Not every phishing attempt is so easily spotted.

There will always be bad operators. However, I find Facebook’s response to this type of problem inadequate to the point of being irresponsible. If you as a user spend the time to get to the help page that covers this situation, Facebook says:

“It is possible that malicious software was downloaded to your friend’s computer or that their login information was phished in an attempt to send spam from their profile. We would like to investigate this issue further, but unfortunately, we cannot release information regarding a user’s account to anyone but the account holder. Please tell your friend to visit the Facebook Help Center and contact us.”

This would be like the fire department refusing to take your call because you only saw a house on fire–but it wasn’t your house!

So, on this beautiful holiday afternoon, when Facebook users are unlikely to be online, the problem will fester. Other innocents won’t notice it’s a scam and will give up their user info too. The problem will spread.

Facebook has an obligation to take a more active role. This is not some after-school project, but a business now valued in the billions!

3 thoughts on “Facebook’s Security–Unacceptable”

  1. How would you think they could fix it though? If someone is.. let’s just be friendly and say ‘inexperienced’.. enough to fall for this.. what can be done? If I made a fake geofffox.com admin page and fooled you into logging into it with your admin credentials.. who is to blame? certainly not your provider, right?

    Not trying to flame you – just wonder what you think a good solution would be?

  2. I think I should be able to tell Facebook I received the email and there are 20-30 more of those still waiting to be read. And then Facebook removes them. Instead, even after I know it’s there (and can tell Facebook) others are being sent the message.

  3. Yea, that’s certainly reasonable for them to be able to detect the message and delete it. I hadn’t gotten one so I just assumed it was a spammy mail sent outside of Facebook, not actually through FB’s interface.
