Sophos warns of Facebook Timeline scams

Sophos is warning users of possible scams surrounding the use of Facebook's Timeline feature.

The company said that scammers and cyber criminals have been spamming users with messages soliciting removal tools which can take the new display option off of the user's profile page.

According to Sophos, the messages ask users to install a browser plug-in. The plug-in, which is presented in Turkish, claims to only be intended for use within Turkey and international users are directed away from the site.

While the company has yet to fully analyse the plug-in itself, Sophos senior technology consultant Graham Cluley advises users to avoid the "removal tool" and other software packages which are referenced in spam messages and unsolicited e-mails.

"Not everyone is a fan of Facebook's Timeline feature," Cluley noted in a company blog post.

"And that's a fact of which spammers and scammers are happy to take advantage."

Facebook first introduced its Timeline profile layout in September of 2011. Described by the company as a way to more prominently feature media files, Timeline redesigns the conventional layout and structure of information on a user's profile page.

As with many of Facebook's redesigns and feature rollouts over the years, Timeline has been met with a mixed reaction from users.

A spokesperson for Facebook reiterated the firm's commitment to tackling security issues on its site

"Security is a top priority for Facebook, and we devote significant resources to helping people protect their accounts and information. We've built numerous defences to combat phishing and malware, including complex automated systems that work behind the scenes to detect and flag Facebook accounts that are likely to be compromised," they said.

"Security is an arms race, and our teams are always working to identify the next threat and build defences for it."

Security experts believe that social networking platforms offer a new frontier for cyber criminals and scammers looking to harvest user data. The availability of personal details and inherent trust of the platforms makes social networks ideal for targeted attacks and social engineering scams.