Social networks such as Facebook and MySpace continue to be an easy target for creators of rogue applications that spam users to gain personal information.
Just recently Facebook removed one application that was found to be rogue where it spammed users by claiming that a friend had reported them (the recipient) of violating the terms of service. If a user clicked on the link within the message it may give the application access to their profile where personal information may be stolen.
The Facebook team disabled this application but is being criticized by security experts, such as Graham Cluley, explaining that they should do more to prevent these rogue applications from spreading instead of just shutting them down on an isolated basis.
How is it that easy for attackers to implement these Rogue Applications on Facebook?
One of the issues, as further explained by Graham Cluley, is Facebook allows anyone to write an application where the third party apps are not vetted before they are available to the public. With that type of implementation of applications it means several rogue or potentially dangerous applications could be running lose on Facebook. Applications on Facebook ask for permission from users if the app can access your profile. This is where the theft of personal information may take place. If an application gains your profile information including login and passwords then a hacker could use this against you to access other accounts online such as banking sites.
Graham Cluley of Sophos also added, "It sounds like this could be a new favoured trick being used by spammers and identity thieves to build up their databases of intended targets," he wrote. "My advice to Facebook users is to think very carefully before adding any new applications."
Lately it seems Facebook is getting hammered with attacks on a regular basis. Social networks are a big target for hackers and cyberthieves. Facebook among other social networks such as MySpace have security holes that hackers discover while the social network staff is always on the defense attempting to fix the vulnerabilities. It may be time that they take proactive steps to rectify the vulnerability issues. Even with MySpace, just recently they had to plug a security hole where strangers where able to view MySpace users' private comments.
What can social network users do to avoid being the next victum?
Educate yourself on how the social network that you use operates. With Facebook's applications users must be aware of how each app is able to gain personal information which could potentially be dangerous. We are not saying avoid use of all applications on Facebook, we are simply asking that you use caution when choosing applications. Although it is no sure way of keeping your information out of the wrong hands other than avoid providing too much personal data on your profile in the first place. It may be best to limit the amount of information that you provide to any social network. The more information that you add then the higher chance of you being a target for an attacker. Either way, use good judgment in any situation when using any type of social network or website over the internet.