Last week, Facebook fixed a misconfiguration in its system that allowed for spammers to use your friends list to send spam emails purportedly from your contacts. Facebook did fix the issue, but there are still spam messages rolling in as the spammers in question are using previously obtained information. Here was Facebook’s statement, as reported by CNET:

“Recently, we discovered a single isolated campaign that was using compromised e-mail accounts to gain information scraped from Friend Lists due to a temporary misconfiguration on our site. We have since enhanced our scraping protections to protect against this and other similar attacks and will continue to investigate this case further. To be clear, there was neither a mass compromise of Facebook accounts nor any leak of private information.

To help protect our users, we’ve built enforcement mechanisms to quickly shut down malicious Pages, accounts, and applications that attempt to spread spam by deceiving users or by exploiting several well-known browser vulnerabilities. We have also enrolled those impacted by spam through checkpoints so they can remediate their accounts and learn how to better protect themselves while on Facebook.

Beyond these protections, we’ve put in place backend measures to reduce the rate of these attacks and will continue to iterate on our defenses to find new ways to protect people. In addition to the engineering teams that build tools to block spam we also have a dedicated enforcement team that seeks to identify those responsible for spam and works with our legal team to ensure appropriate consequences follow.”

The spam may continue for a while until email providers can track down the source or sources. Using a friend’s contact information as a scam is a particularly insidious, though doubtlessly effective way to con people into clicking a link. Hopefully the issue is resolved soon.

Never assume an email or link is legitimate just because it came from a Facebook friend.

Recommended Resources

BitDefender Safego is a Facebook application you can install that will scan your News Feed and help keep you safe from scams on Facebook.

PRIVATE WiFi® is a Personal VPN that encrypts everything you send and receive. Don’t access Facebook from a public WiFi hotspot without it.

Do Not Track + is a FREE browser plugin created by Abine. This easy to install plugin keeps websites from tracking you. If you value your online privacy, then you should definitely take advantage of this free product.

Action Alert | Free Parental Control offers a 100% free Internet safety solution designed for parents. There is also a Maximum Protection option for parents that need a more advanced set of tools.