Even if you are aware of the latest defence methods in order to keep you safe online, save you from Phishing or Java- Driveby’s, Your facebook account may not be totally secure.
A new feature introduced in facebook called groups, allows members to interact with each other and post on the groups wall. A member of the group can invite his/her other friends to the group and they automatically get added without a confirmation.
If you don't know which all groups are you a member of, you can check it in the left hand side of your facebook page.
For ex, following are the groups I’m a member of :
A latest bug in facebook, allows the attacker to post status updates from your account, or post anything he wants in any of the groups you have joined.
Let’s suppose that the attacker is one of your friends on facebook, and he has your primary email id through which you login.
Now, all he would have to do, is to send a fake mail email@example.com
Where "something" is the name of the group in which he wants to post anything on your behalf.
The result would be something like this:
He could send mail to that email id ( firstname.lastname@example.org ) from the email account you use of facebook using a simple trick known as email spoofing. This can be used to post status updates, comments on any update, and even to change your account settings.
Also, make sure you change your personalized email ( @m.facebook.com ) every few days in order to be safe.
Special thanks to Shavik and Sai Satish of AH. :)
Email me : email@example.com