However, all this comes amid a drumbeat of reports about scams on the network. And Facebook’s own data suggest that large numbers of people are exposed to some scams over time—and that the site does experience 600,000 compromised logins daily. Each compromised login can mean a hacker or criminal might be sending attacks to a user’s contacts under his or her name.
These messages could be phishing schemes that try to trick people into revealing passwords for bank accounts or other services. Others could contain links that try to defraud users by flashing phony warnings of infection and prompting them to pay for phony antivirus software. These messages may include links to malicious sites that make attempts to download viruses to steal data or hijack the computer for cyber-attacks.
In the past year or two, Facebook and other websites have seen a rising number of malicious Web addresses that lead to attacks like these. So over the past year Facebook has enlisted two outside firms—Web of Trust and Websense—to help the site block known malicious links. The targets are gathered from security companies, law enforcement, and even actual users who report suspicious links.
The problem with this method is that there’s a time lag before many such links are detected. Often, they are further hidden by link-shortening services such as Bit.ly. Earlier this year, the Web security firm Symantec reported that in 2010, malicious links made up two-thirds of all such short links on social networks. The company added that almost 90 percent of them had been clicked by users at least once.
Users are perceiving rising problems. In July, for example, the security firm Sophos reported that 81 percent of survey respondents saw Facebook as the “biggest risk” online—up from 60 percent in 2010.
In addition to the tweaks announced today, a remarkable real-time fight is escalating. Facebook actively looks for patterns of viral propagation and other behavior that seems malicious. Machine-learning algorithms update every 30 minutes to find and squelch the source of such attacks, says Stein.