Sophos is warning that Facebook’s rules for creating Fan Pages are too lax, leaving millions of users vulnerable to being tricked into joining fake sites and exposed to bogus and potentially malicious content.
The calls come after Sophos’s senior technology consultant, Graham Cluley, revealed he is the subject of a fake Fan Page – created without permission by a user pretending to be notorious serial killer Fred West.
“Innocent people – friends, acquaintances, and anyone who might follow my blog – are joining the Fan Page in the belief that they are somehow following me. They have no way of telling that I didn't create this Fan Page," says Cluley. "As someone who has received anonymous death threats from Facebook users in the past, I don't see the funny side in someone called Fred West creating a Facebook Page about me."
Facebook rules state that only authorised representatives of companies, celebrities and music groups are allowed to create Fan Pages – other users should create groups instead. Cluley has reported the abuse to the Facebook team and asked them to remove the Fan Page, but no action has yet been taken and the page remains in place.
Sophos is reminding Facebook users that creating fake content like this raises serious security and reputation issues and that everyone using the site needs to be especially vigilant.
An impostor could potentially gather hundreds of thousands of Facebook fans, before deciding to update them all with a malicious link or send them a dangerous scam. Victims of fake Facebook fan pages could have their character besmirched by someone choosing to post offensive or defamatory updates in their name.
As well as urging Facebook users to be vigilant, Sophos is also calling for the site to tighten up its processes for creating a Fan Page to prevent this happening in future.
“Simple changes made to the site will make Facebook users safer," says Brett Myroff, CEO of regional Sophos distributor, Sophos South Africa. "If Facebook tightened up the process for creating a Fan Page on its site, so that the creators needed to verify that they are genuinely affiliated to the celebrity or company they are making the page for it would drastically reduce the number of fake Fan Pages and make the site safer.”
Sophos advises that social networkers should not invite their friends to join any Facebook page or application until they have properly researched it.
"Facebook is by far the largest social network and so it’s not surprising that it is particularly vulnerable to misuse. While the security team at Facebook works hard to counter threats which appear on their system, policing over 400-million users can’t be an easy job,” Myroff says.