The post-by-email feature in Facebook Groups has raised a new wave of security concerns: The Next Web has reported that the feature can be easily abused by hackers. It could allow an online attacker to post pictures or plain text as anyone who is a member of any given Facebook group. To do this, the hacker would only need access to a local SMTP server and would need to know the email address you use for your Facebook log-in.
As for how it’s done, it’s devilishly simple. The attacker just has to change the “from” field in a new email and then send the email to the Facebook group’s email address. Facebook has no verification system; it simply sees that an email is coming from the user’s email address and assumes it’s actually them. Here are two possible solutions, as put forward by The Next Web:
- “By enabling verification of a security token: Facebook may give you one security-token which will be known by you and YOU ONLY, and you will have to include it somewhere in the mail (body/subject) while using this ‘POST BY EMAIL’ feature. Once they verify it as you, they will allow that post to go to the group wall.
- By verifying the origin of the mail: Once you use this ‘POST BY EMAIL’ feature, Facebook may send you a confirmation/verification link to your email address which you must click on to verify the authenticity of your content.”
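The first suggestion, sketched as a server-side check, is shown below as an added example; it is not Facebook's or The Next Web's code. The key, member list, `[token:...]` subject format and function names are all assumptions made for illustration.

```python
import hashlib
import hmac
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed values for this example only (hypothetical, not from the article).
SERVER_KEY = b"example-server-key-not-a-real-secret"
GROUP_MEMBERS = {"alice@example.com"}
TOKEN_RE = re.compile(r"\[token:([0-9a-f]{32})\]")

def issue_token(address: str, group: str) -> str:
    """Per-member, per-group token, shown to the member inside their logged-in session."""
    data = f"{address.lower()}|{group}".encode()
    return hmac.new(SERVER_KEY, data, hashlib.sha256).hexdigest()[:32]

def accept_post(raw_email: str, group: str):
    """Return (accepted, reason) for an inbound post-by-email message."""
    msg = message_from_string(raw_email)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender not in GROUP_MEMBERS:
        return False, "sender is not a group member"
    found = TOKEN_RE.search(msg.get("Subject", ""))
    if not found:
        # The From header is chosen by whoever sends the mail, so it proves nothing.
        return False, "no token in subject"
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(found.group(1), issue_token(sender, group)):
        return False, "token does not match this sender and group"
    return True, "accepted"

def make_mail(from_header: str, subject: str) -> str:
    """Build a constructed sample message."""
    return (f"From: {from_header}\nTo: group1@groups.example\n"
            f"Subject: {subject}\n\nHello everyone\n")

if __name__ == "__main__":
    good = issue_token("alice@example.com", "group1")
    samples = {
        "From header only": make_mail("Alice <alice@example.com>", "Hi all"),
        "valid token": make_mail("Alice <alice@example.com>", f"Hi all [token:{good}]"),
        "guessed token": make_mail("alice@example.com", "Hi [token:" + "0" * 32 + "]"),
    }
    for label, raw in samples.items():
        print(label, "->", accept_post(raw, "group1"))
```

Because the token travels in ordinary mail, it behaves like a password that can be forwarded or quoted by accident, so a real deployment would also need a way for the member to revoke and reissue it.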
Hopefully Facebook will act soon to solve this issue. What other simple steps could Facebook take to lock down its users’ privacy?