SCF Advanced Search

  • Total Posts: 40153
  • Total Topics: 14262
  • Online Today: 765
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)

Author Topic: Sophos criticize Facebook warnings: "your account protection is very low"  (Read 4514 times)

0 Members and 1 Guest are viewing this topic.


  • SCF Administrator
  • *****
  • Posts: 7528
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • - Samker's Computer Forum

Have you received a warning from Facebook that your account protection is "very low?" Don't panic.

Your security settings may be stronger than Facebook would lead you to believe -- and that's ticked off one security expert. "The suggestion that users' accounts currently have a protection status of 'very low' is entirely misleading and stinks of scare tactics," declared Graham Cluley, a senior technology consultant with security software maker Sophos.

Facebook has been contacting its members for several weeks now with its "very low" security protection warnings. In the alerts, the company includes a link. Click the link and you're taken to a page that requests additional personal information about you. Sound familiar? This is exactly the tactic used by Internet highwaymen to steal sensitive information from unwitting web users and plant malicious software on their computers.

"With fake antivirus (also known as scareware: ) attacks becoming an ever-growing problem (they attempt to trick you into believing your computer has a security problem when it doesn't), some security-conscious Facebook users might worry that this is a similarly-styled assault, designed to scare you into taking perhaps unwise actions," Cluley wrote at Sophos's Naked Security blog:

In order to increase your account's security protection, Facebook asks for an alternative e-mail address, a mobile phone number, and an updated security question. You might be able to deduce what Facebook is up to by those requests. Its security protection warning isn't about security protection at all, but enabling its members to regain access to their accounts should they be compromised.

"There's nothing necessarily wrong with Facebook giving its millions of users a way of verifying their identity should they lose access to their account, but clearly it should have been presented better and more thought should have gone into how this system was implemented," Cluley wrote.

He suggests that a better approach to what Facebook is trying to accomplish would be a message such as, "We can help you recover your account if it gets hacked; want to know more?"

"I'm not going to tell you not to give Facebook the information they're requesting in this 'account protection' push, but I would suggest that you think carefully before doing so," he cautions.


Samker's Computer Forum -


  • SCF Member
  • **
  • Posts: 16
  • KARMA: 5
  • Gender: Male
I've defo seen that message on my account, didn't believe them either.


  • SCF Advanced Member
  • ***
  • Posts: 213
  • KARMA: -5
Do you have the best solution for this!!

Samker's Computer Forum -


With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters)

Enter your email address to receive daily email with ' - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising