Facebook, MySpace, and social (media) diseases

Social media is on the rise, and so are the privacy and security risks. Is it time to dial back on the whole Web 2.0 'friend' thing?

The social media honeymoon is officially over. While it may not yet be time to fly to Reno for a quickie divorce, you might want to start thinking about sleeping in separate bedrooms for a while.

Example du jour: Over the weekend, a rogue application spread across Facebook, warning users about bogus errors in their profiles. Clicking on the "Error Check System" app causes it to send false warnings to your entire FB posse, per the unofficial AllFacebook blog. There doesn't seem to be any payload associated with that app besides driving traffic, but the potential for abuse is obvious.

But a bigger problem on social nets is an old familiar one: spam.

So far, spam only accounts for about 5 to 25 percent of all e-mail passed on social networks, versus 90 percent of regular e-mail, says Adam O'Donnell, director of emerging tech for Cloudmark, which filters spam for some large social nets (but won't identify which ones). As more people start tweeting about what their cats ate for lunch and share their Facebook profiles with near-total strangers, though, that number will only grow.

The type of spam on social networks is different too, says O'Donnell. Think fewer fake Viagra come-ons, more social engineering scams. In other words, the junk you get on social networks is more likely to be aimed at stealing your credentials or your identity -- and thus much more dangerous than garden-variety spam.

Cloudmark recently released "the seven deadly sins of social networking spam." I've expanded on them just a bit:

1) Dating spam. Sorry to break it to you, but "Sultry Svetlana," that 23-year-old hottie from the Ukraine who thinks you're fascinating, is really Ugly Ivan, a 46-year-old scammer from Minsk. Take a cold shower and forget about her.

2) Profile and IM lures. Suddenly, you're Mr. Popularity -- only your newfound friends want to lure you to a fake profile page or IM conversation, where they can steal your information. The moral: candy + strangers = bad news.

3) Redirection to dangerous sites. Uh oh, somebody has posted naughty pix of you at an external site -- better go look. No, you won't find naughty pix (at least, not of you), but you might get a drive-by malware infection.

4) Nigerian attacks. That same deposed foreign minister who wanted to share $35 million in embezzled funds with you on e-mail now wants to do it on Facebook. Let me know how that works out for you.

5) Fake jobs. A fantastic job opportunity awaits you. And if you're lucky, your new "employer" will only clean out your bank account and not steal your identity and/or get you arrested along with it.

6) Competitor social network lure. Lesser social networks may try to steal you away by posting comments on your page pretending to be from your friends. Is that pathetic or what?

7) Religion-based spam. Have you accepted the Alien King Rondelay as your one and true savior? Spammers may use social networking sites to convert users for various religions. God help us all.

It's not just spam. The Register reports that government employees in the United Kingdom may soon have their Facebook posses vetted before they get security clearance, quoting an anonymous techie who works in the British gov. The problem? Promiscuous friending could allow the bad guys to sneak into your social circle, giving them access they wouldn't otherwise have. Quoth The Reg:

...the message is clear: what you put out on social networking sites can come back to haunt you. When it comes to vetting, it's not just the embarrassing pictures that matter; embarrassing friends – and possibly even friends of friends – may matter as well.

Have I scared you away from Facebook yet? I didn't think so. But before you wade deeper into the social media waters, remember that as the amount of information you share increases, so does the risk -- and the more personal that info is, the worse the consequences may be. As mom used to say, it's all fun and games until someone loses their identity.

Do Facebook, MySpace, Twitter, et al pose a threat? Post your thoughts below or e-mail me direct: cringe (at) infoworld (dot) com.