Spammers seem to have stepped up attacks on social networking site Facebook in recent months, most notably by hijacking a user’s account to put spammy wall posts on friends’ profiles. These wall posts contain links to spam-related sites. In a preventative move, Facebook just released a new feature that requires you to click “continue” in order to access third-party sites that it has already identified as probably being spam.
This method of getting users to think about their actions is a necessary part of stopping spam; Facebook’s security team has already been fighting the anti-spam technical battle. Clicking on spam is as much a social engineering problem as a technical one — people need to develop a sense for the sorts of links that are malicious. When they don’t, the responsibility of warning them falls on companies like Facebook.
Also, by tracking clicks, Facebook itself can get a better idea of which links are actually spam and which aren’t, as Mike Knoop points out over at Inside Facebook (where I got the above screenshot). This way, Facebook could figure out that seemingly spammy wall posts are actually legitimate, and so not bother users with the link warning in the first place.