API Security Tips

Latest Facebook App Scam
Updated: Nov 17, 2011

Phishing scams are nothing new on social networking sites. Facebook has been especially prone to an ongoing series of attacks, including recent scams promising free tickets on Southwest Airlines and free iPad giveaways. However, hackers have recently launched a more subtle and insidious campaign of attacks that capitalizes on the social engineering (and inherent trust) that powers all interactions on Facebook, and on the sentimentality of Facebook users.

Rather than baiting users with obvious, "too good to be true" deals, this new generation of phishing scams centers around so-called "1st status" scams, which invite users to install a Facebook app that will publish a given user's very first Facebook status update. This new type of phishing scam is particularly artful (and damaging), especially in light of legitimate Facebook apps such as FriendStatistics and year-end roundup apps that reveal similar information, such as a user's most popular friends and frequently mentioned words.

The proliferation of third-party apps on Facebook and the prevalence of shortened URLs enable hackers to easily mask the source of these malicious apps. The appeal of these "1st status" apps is obvious and immediate to many Facebook users, and it facilitates the rapid spread of the rogue app across their entire social network through automatic status updates that blast to a user's entire friend list. As Facebook works to address this latest threat, internet security specialists caution users to follow common sense: be wary of apps that request access to your personal information, and avoid shortened URLs.