That conclusion’s based on data from BitDefender’s Safego app, and may actually be conservative.  The data doesn’t cover whatever’s been sent through private messages, for example.  Plus, the 14,000 or so people who have downloaded the security-related app might be a little more paranoid than the average Farmville-obsessed individual, and they might have more security-conscious friends.

Still, Caroline McCarthy was able to report yesterday, "20 percent of Facebook users are exposed to malicious posts in their ‘news feeds’ of friends’ activity, generally defined as posts that, when clicked on, result in ‘the user’s account being hijacked and in malware being automatically posted on the walls of the respective user’s friends.’"

McCarthy later added, "Over 60 percent of attacks come from notifications from malicious third-party applications on Facebook’s developer platform."

That’s a serious cause for concern.  No one likes getting infected by a virus, and users and advertisers might grow a little less fond of Facebook if they ever start to feel like the site is making it too easy for malware authors to attack them.

On the other hand, these sorts of problems are difficult to escape.  Paul Wood, MessageLabs Intelligence Senior Analyst at Symantec, pointed out in an email to WebProNews, "Whatever methods of communication that mankind invents, sooner or later someone will find a way of taking advantage of the new invention and using it for illicit gain, whether this is for theft, confidence trickery or nuisance advertising."

BitDefender Logo
(Photo Credit: BitDefender)

According to Web security firm BitDefender the emails are personalized with a different link sent to each recipient, making URL-based filtering much harder.

"This is a new and untried social engineering approach," said BitDefender CTO, Bogdan Dumitru.

"The fact that these things are being spammed in huge numbers is a bit odd — usually there is a testing phase, to evaluate the response rate. Normally, after testing, some techniques are found ineffective and never get used again. This one’s different."

The "Nigerian" scam works by telling the recipient that they have inherited or are due a large amount of money from an unlikely source. The spammer then tells the recipient to provide banking details in order to receive the money.

BitDefender says Google support has been notified to block the accounts used in the scam.