Over 170,000 people are part of the Sophos community on Facebook. Why not join us on Facebook to find out about the latest security threats.
Hi fellow Twitter user! Follow our team of security experts on Twitter for the latest news about internet security threats.
Already using Google+? Find us on Google+ for the latest security news.
Passionately Liked Facebook pages have begun to see their numbers sag.
One example is the third most-Liked Facebook page, Texas HoldEm Poker, which had a weekly count that was down 275,352 as of Saturday, according to an independent page metric site, PageData.
If you drill down into pages' growth charts, you'll see that the drops began on Monday, 24 September.
Other pages that suddenly lost some warm and fuzzy include celebrity pages of Lady Gaga (down 104,125 for the past week), Eminem (-5,572) and Rihanna (-50,610).
Facebook confirmed to CNN that the slipping Likes numbers are part of a site upgrade (perhaps in response to the site's admission that it has over 83 million fake profiles?), but it wouldn't give details beyond pointing to a 31 August statement regarding improvements to site integrity systems.
The posting states that Facebook has recently increased automated efforts to remove Likes that may have been gained by means that violate Facebook Terms, including malware, compromised accounts, duped users or purchased bulk Likes.
The move shouldn't make most pages deflate too much, Facebook says:
On average, less than 1% of Likes on any given Page will be removed, providing they and their affiliates have been abiding by our terms. … While we have always had dedicated protections against each of these threats on Facebook, these improved systems have been specifically configured to identify and take action against suspicious Likes.
One source of Like inflation are networks of zombie accounts run by bot masters.
Researchers at the University of British Columbia last year created a network of some 100 Facebook bots and found it was easy to evade Facebook detection, convincing thousands of real Facebook users to friend their lifeless fabrications - particularly when they employed photos of attractive women.
Another source of fake Likes is a phenomenon known as a tagging session.
A Valentine's Day page, bleating about Love and Like, adorned with red and pink hearts, is an example.
That Facebook page conducts frenzied, 10-minute Liking and Sharing sessions, the rules of which state that it will ban participants who don't tag 99% of the sites being promoted.
But just who, exactly, gets hurt by fake Likes? Those who are trying to accurately measure how well their marketing efforts are doing.
Jon Loomer, a social media consultant, is one of those people.
In January, he posted about being targeted by Like scams.
Loomer happily watched his Likes grow, only to find that much of it came from tagging-session participants who didn't have a clue who he was or what his page was for.
As such, he was left in the dark regarding what real relationships he'd managed to form:
An inflated number is not reality. It doesn’t give me an accurate reflection of how I’m doing. So if I’m doing poorly, I want the numbers to reflect that. I don’t want a lie that will deflect the truth.
Regardless of what Facebook does to weed out fake Likes, the black market will evolve. We'll continue to see bots that add friends, spam messages and Like pages.
But people who buy into these offers for bogus page promotion, such as "500 Likes for $5!", will get what they paid for: junk.
They'll get 80% bots and 20% people who've been spammed to death, notes Quora submitter Massimo Chieruzzi.
And as Loomer points out, some perfectly well-meaning people may well participate in tagging sessions:
They are struggling. They don’t want to spend the money on ads. Maybe they simply don’t know how to build a page honestly. Or they think this will lead to wealth.
But fake Likes are just smoke. They won't help struggling businesses grow in any real sense.
So kudos to Facebook for popping the bubble, even if it's only a temporary stop-gap before the black market evolves and finds more ways to rig the system.
If you're on Facebook, and want to learn more about security and privacy issues on the social network, consider joining the Naked Security Facebook page.
Follow @LisaVaas
Follow @NakedSecurity
So, you think you're doing a pretty good job in terms of computer security on your home PC? You've kept your computer fully patched against the latest vulnerabilities? You've ensured that your PC is running the latest-and-greatest anti-virus updates?
Fabio Assolini, a researcher for Kaspersky Labs, gave a fascinating presentation at the Virus Bulletin conference in Dallas last week, describing how more than 4.5 million home DSL routers in Brazil were found to have been silently hacked by cybercriminals last year.
The motivation for the attack, which impacted millions of Brazilian users, was - of course - money. Malware installed onto victims' computers could steal files and keypresses, trick users into entering sensitive information on convincing phishing pages, spy upon passwords and banking information, and provide a flood of data for the hackers to exploit.
Adobe security chief Brad Arkin has warned that hackers have managed to create malicious files with Adobe's digital code-signing signature.
The US Federal Trade Commission has reached a settlement with seven computer rental companies and a software firm over what the agency said was flagrant computer spying on customers of the rental stores.
This included usernames and passwords for access to email accounts and social media websites, as well as screenshots of websites containing confidential information like medical records, Social Security Numbers and bank account numbers, the FTC said. 
"Sharing these images with third parties can cause consumers financial and physical injury and impair their peaceful enjoyment of their homes," the FTC complaint reads. 
Attacks against the websites of leading banks in the United States have the banking and financial services industry on edge. 
Wells Fargo used its Twitter account to apologize for service interruptions on Wednesday and said it was working to "quickly resolve this issue." Most of the targeted banks were back online and operational Thursday. 
Microsoft has released an out-of-cycle security update to protect Internet Explorer users against a vulnerability that was being exploited by malicious hackers.
Microsoft has issued a simple Fix It tool to fix the zero day security vulnerability in Internet Explorer that has been causing headlines this week.
A high stakes online poker player says that an unknown hacker used a malicious image file to compromise his account and empty of it of more than $100,000 in winnings – the latest in what players say is a string of scams.
Have you received a Twitter message from an online friend, suggesting you have been captured in a Facebook video?
ZeroAccess is a hugely widespread malware threat that has plagued individuals and enterprises for years. It has evolved over time to cater for new architectures and new versions of Windows.
Things just got even more exciting/weird/incredible (delete as inapplicable) in the up-down-left-right saga of Kim Dotcom and Megaupload.
With a couple of working days plus a weekend under its belt, OS X Mountain Lion 10.8.2 - and its sibling upgrades, Lion's 10.7.5 and Snow Leopard's Security Update 2012-004 - don't seem to have caused early adopters any major problems. 
Mountain Lion users move to 10.8.2, which includes an update from Safari 6.0 to 6.0.1. 
Facebook is dropping its controversial facial recognition feature, for European users at least, following a privacy backlash from users and regulators.
Schrems received a 1,200 page document that suggested the company was collecting awide range of information about users without their consent, and holding onto information – photos and comments – that users had been led to believe were deleted. 
A Texas school district in the US is putting tracking chips into new, mandatory student IDs to keep tabs on students' whereabouts at all times. 
If you received an email, apparently from Microsoft, claiming to be about "Important Changes to Microsoft Services Agreement" would you trust it?
Schools that want to teach online safety should start with a frank discussion of how modern malware works, the kinds of behaviors that increase the risk of you being targeted or infected, and what to do in the unfortunate event that you become a victim.