Facebook fans, consider yourselves warned. According to computer security firm Sophos, the popular social networking site’s new online messaging service makes users of the social networking site more vulnerable to identity theft by cybercriminals.

"Before signing up, users need to realize that these new features increase the attack surface on the Facebook platform, and make personal accounts all the more alluring for cybercriminals to break into," said Graham Cluley, senior technology consultant at Sophos, in a statement. "Facebook accounts will now be linked with many more people in the users' social circles, opening up new opportunities for identity fraudsters to launch attacks."

Sophos notes that cybercriminals are compromising the accounts of Facebook users, and using their accounts to spread spam messages. Spam sent via social networks can be more impactful than traditional e-mail spam, as users are more likely to open and trust a message, which appears to have been sent by someone they know - one of their Facebook friends.

Essentially, Facebook’s new messaging system unites Facebook messages, instant messaging chat and SMS messages in one location. By storing a complete archive of all of their communications with one person, Sophos’ Cluley argued that it “raises concerns as to how this data could be misused if it fell into the wrong hands.

With this in mind, it will be critical for Facebook to implement more effective filtering mechanisms to prevent fraudsters from manipulating Facebook users into falling victim to new spams, scams and phishing attacks."

So what’s the solution? Aside from abstaining from Facebook altogether, Sophos recommended “keeping security up-to-date on computers, policing which applications link with their Facebook profile, and choosing sensible, unique, hard-to-crack passwords.”

Approximately 350 million of Facebook's more than 500 million members rely on the site’s messaging service, with more than four billion digital messages sent daily.

Edited by Jaclyn Allard