Catalyst Connector Site

Security Implications of New Facebook Email Service

Last week, Facebook announced its new email service which brings together Facebook messages, instant messaging chat and SMS messages in one place.

Sophos’ Graham Cluley gives a quick rundown of the service and comments on the security implications.

What's changed?
Facebook is bringing together traditional email, Facebook messages, instant messaging chat and SMS messages all into one place. They say this solves the problem of remembering that your Grandma isn't on Facebook and prefers to receive an email, and that cousin Henry's computer is broken so he'd prefer to get text messages.

Rather than remember how each person likes to be communicated with, now you will just message them via the Facebook service, and it will work out how to get the communication to them.

Will I get a @facebook.com email address?
If you're on Facebook and you want one, then yes, you'll be able to get one. It will take a few months for Facebook to roll out the service for all its users, however.

So, it's just another form of email?
Not really. It's actually more like sending a text or an instant message. The messages won't have any subject lines, for instance. Furthermore, Facebook says it will store a complete history of all of your communications with one person in one place.

You may be too late. If you already chose a public username on Facebook (for instance, facebook.com/publicusername) then that will be your email address too (publicusername@facebook.com).

But if my public username is public, doesn't that mean anyone can find out my Facebook email address too?
Yes. Anyone will be able to work out your Facebook email address and send you a message. You will need to change your default privacy settings to block messages from unknown addresses.

Choose the "Friends Only" setting to ensure that only your Facebook friends can message you.

How will Facebook sort through the messages?
Emails from friends and their friends go directly to your main messages folder, and everything else goes to the "Other" folder. Facebook says that spam and bulk email will automatically go to the "Other" folder, but it remains to be seen how effective that will be.

Also, they don't say how they will deal with spam and malware sent from accounts belonging to your Facebook friends - which has become a significant problem in the last year.

What if I'm Facebook friends with someone and they try to email me from a non-Facebook address?
Facebook says that if a message comes from an email address that they can't confirm as belonging to one of your friends they will block it - if you have selected the "Friends Only" setting.

Could I receive spam and malware via the new system?
Yes. The new features do increase the attack surface of the Facebook platform, and make the accounts of users all the more alluring for cybercriminals to break into.

Facebook accounts will now be linked with many more people in your social circle - opening up new opportunities for identity fraudsters to launch attacks. Furthermore, because Facebook will be storing a complete archive of all of your communications with one person - there will be concerns as to how such data could be misused if it fell into the wrong hands.

It will be critical for Facebook to implement more effective filtering mechanisms to prevent fraudsters from manipulating Facebook users into falling victim to new spams, scams and phishing attacks.

For instance, the new messaging system allows users to send not just links, photos, and videos to each other - but also external files such as documents and spreadsheets. These could be malware-infected or carry spam messages. It's unclear at the moment whether Facebook will put any restrictions on the types of files that can be attached to messages.

Meanwhile, users will need to take greater care of the security of their Facebook account than ever before. Keeping security up-to-date on computers, policing which applications link with their Facebook profile, and choosing sensible, unique, hard-to-crack passwords will be essential.

Facebook users mustn't fool themselves into believing that they are safe as long as they only trust the messages sent to them by their Facebook friends, as those accounts can still be compromised by malicious hackers.

Remember that spam sent via social networks can be more effective than traditional email spam, as users are more likely to open and trust a message which appears to have been sent by someone they know - one of their Facebook friends.

I don't have to use Facebook if I don't want to, right?
Right. But if you go around telling everyone your Facebook email address that's going to make it a whole lot more difficult to quit Facebook in the future. This, no doubt, is part of Facebook's strategy.

Sophos's verdict on the new system?
Users will need to take greater care of the security of their Facebook account than ever before. Keeping security up-to-date on computers, policing which applications link with their Facebook profile and choosing sensible, unique, hard-to-crack passwords will be essential.
 


Asian Channels November 2010

© Catalyst Consultants Pte. Ltd. | All rights reserved