
Wednesday, June 27, 2012

Facebook Offers Incredible Targeted Spamming Opportunity to Spammers

Recently, as reported on Gizmodo, Facebook rolled out a new feature by issuing every one of their users an email address, whether they wanted it or not, and then made it the default email address on their profiles. Many Facebook users are upset by this and are running to their profiles to hide this new email address from view.

I am really amazed that I seem to be the only one who sees this for what spammers will see it as: an incredible opportunity to send out tons of highly targeted spam emails, tailored to each recipient's product preferences.

Imagine you have a website that sells cheap counterfeit goods and you want the maximum return on your spamming campaign. For each fake product you sell on your site, visit the official fan page of the real product. For each post on their wall, scrape the profile URLs for every like and comment that appears there. Toss out all duplicates. Extract the usernames from the URLs. Attach "@facebook.com" to the end of them. Send your targeted emails to the lovers of the actual products, offering them incredible deals on the products they love. Repeat with another of your fake products until you have covered your entire inventory.

There will probably soon be tools that automate this process, making it trivial to exploit Facebook's new email system in this manner.

You see, before, the @facebook.com email address was an option you could opt out of. Now it is not. Facebook gave it to you whether you wanted it or not, whether you planned to use it or not. They don't allow you to choose one that differs from the name in your profile URL. And hiding the email address from your profile doesn't delete it from existence and doesn't stop anyone from using it to send you mail. This new unwanted email address only helps spammers be more effective at spamming.

Sophos officials seem to agree, but they think it will simply result in a flood of product spam, phishing scams and malware, and they are probably right. What they seem to miss is how highly targeted the spam will become.
