Sophos: Facebook takes on spammer and wins USD 873 million
November 2008 by Sophos
IT security and control firm Sophos has welcomed news that Facebook has won a USD 873 million judgement against a Canadian man who bombarded millions of the social networking site’s members with unsolicited spam messages.
According to reports, Adam Guerbuez from Montreal tricked users into revealing their passwords and usernames and used this information to gain access to their personal profiles. Facebook alleges he then sent out more than four million messages promoting products from marijuana to sexual enhancement drugs.
"While Facebook will no doubt struggle to collect this huge amount of money, the enormity of this fine will, we hope, deter spammers from attempting to capitalise on the social networking site’s popularity to push their products," said Carole Theriault, senior security consultant at Sophos. "This kind of spam has grown in volume in recent months as cybercriminals have realised that social networking users can be more easily fooled into clicking on a link that appears to have come from a Facebook friend than if it arrived via regular email. While Facebook is taking steps to better protect its users, hackers will no doubt continue to seek out new vectors of attack - ultimately the onus is on the individual user to exercise caution when using the site and when clicking on unknown links."
Sophos warns that spam via social networks like Facebook is only possible because users are not being careful enough about protecting their usernames and passwords on the site. Sophos has seen an increase in phishing attacks against the users of social networking websites; such attacks used to be largely targeted at online bank customers.
"Hackers are keen to steal the usernames and passwords of Facebook users as it makes it easier for them to spam out convincing messages to a victim’s network of friends," explained Theriault. "You should not only choose a complex, hard-to-guess password for these sites, but also defend your computer with up-to-date anti-virus software and security patches."