More than a fifth of Facebook users have dodgy links on their news feeds that could lead to malicious or spam content, according to stats from BitDefender.
Some 60% of those links are from third-party apps from Facebook's own developer platform - suggesting the social networking site needs to clean up its app-approval system.
The data is from BitDefender's Facebook app "safego", which scans profiles and posts to look for security risks. In the month since its beta launch, it has scanned millions of posts from 17,000 users. As of today, 22% of those users had dodgy links on their profiles or news feeds.
Many of those malicious links take users to rogue applications that claim to offer a feature not actually found on Facebook. Of the most common scams, a fifth claim to offer the ability to see who has viewed your profile, 15% promise bonus items in games such as FarmVille, and 11% promise extra features such as "dislike" buttons.
Not all the threats had to do with applications. A sixth of threats found by safego offered a link to "shocking" content, but clicking requires the user to install an app or visit an external site, which could host malicious content.
"If they do have really interesting messages like 'see what I did with my girlfriend online' or something like that, usually you shouldn't open those," advised Catalin Cosoi, head of BitDefender's online threat lab.
However, fewer than 2% of such links actually install malware, with the majority acting more as spam. "Most of them are just applications that will post messages on your behalf without you knowing," he said. "Some will serve ads, some will direct you to certain websites, but there are very few that actually spread malware. They're spam and they're trying to be viral, to add as many users as possible."
According to a separate online survey by F-Secure, three-quarters of Facebook users think spam is a problem on the site, with 30% saying they face it on a daily basis. Despite the challenges, 77% of Facebook users said they still feel safe using the site.
Cosoi praised Facebook for its back-end security systems and efforts to look at reported apps. "One thing they could do better is educate people about how to stay away from these sorts of applications."
A Facebook spokesperson said the site has been working on improving its security. "We've built numerous defenses to combat spam, phishing, and malware, including complex automated systems that work behind the scenes to detect and flag Facebook accounts that are likely to be compromised," the spokesperson said.
"Once we detect a phony message, we delete all instances of that message across the site," the spokesperson added. "We also block malicious links from being shared and work with third parties to get phishing and malware sites added to browser blacklists or taken down completely."