Inside Facebook security, and how to better protect your account

Graham Cluley

Facebook’s Nick Bilogorskiy kicked off proceedings at the Virus Bulletin 2010 conference in Vancouver this morning, giving the social network’s view on the scale of the cybercrime problem.

Bilogorskiy, who heads up the anti-malware team at the social networking giant, revealed some jaw-dropping statistics and fascinating facts:

  • 23 billion minutes are spent each day by people on Facebook.
  • Is email dead? Only 11% of teens use email daily to communicate with their friends – preferring IM, social networks and SMS texting instead. No surprise then that we’ve seen such a rise in the number of reports of attacks via sites like Facebook.
  • And, perhaps most pertinently to the readers of this blog, the authors of the Koobface worm made on average $35,000 per week through their botnet during 2009. That’s $1.8 million per year. Furthermore, Bilogorskiy says he knows their true identities – and law enforcement agencies are investigating.

Sobering stuff, indeed.

(Facebook’s Nick Bilogorskiy and Sophos’s Graham Cluley, VB2010. Picture courtesy of Andreas Marx, AV-Test.Org)

Nick Bilogorskiy and the rest of Facebook’s security team clearly have some significant challenges – 500 million users, many of whom seem to show little concern about protecting their privacy, and a horde of criminals waiting to take advantage through 419 scams, identity theft, spam, malware and rogue applications.

One piece of advice Nick shared during his talk that could be of use to some folks concerns new functionality that Facebook introduced earlier this year, which can help warn you if someone logs into your account from another computer.

Using the system you can automatically receive an email or SMS text message if your account is accessed from a computer that isn’t registered. That’s handy if you’re worried about an identity thief or spammer breaking into your account.

More details are published on the Facebook blog if you want to try it out for yourself.

Of course, one thing to beware of is that it would be easy for hackers to fake an email so that it appears to be one of the messages from Facebook, warning you that your account had been accessed. And if in a blind panic you clicked on a link in that bogus email, you might be taken to a phishing site.

Life’s never simple, is it?

If you want to learn more about security threats on the social network and elsewhere on the internet, join the Sophos Facebook page.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
