The Biggest Security Threat: Facebook And You

Forget those phishing emails that attempt to get your credit card or bank sign-in information. When crooks want to know how to get into your bank account, they post a message on Facebook. These messages appear so innocuous and so appropriate in the Facebook setting that you are likely to not only get conned, but pass with a straight “A”on the scam.

Facebook is the new frontier for fraud, says Tom Clare, head of product marketing at Blue Coat, an Internet security company that does annual reports on web threats. In just this past year social networks have soared to 4th from 17th most treacherous web terrain — behind porn and software-sharing sites, which you probably know that you should avoid like a plague.

What makes Facebook so treacherous? Us, the very people who make Facebook great.

It starts with the fact that we are inundated with requests to set up passwords to get into our work computers, our online bank accounts, Facebook and every other web-based subscription. So what do we do? Well, most of the time its the same password.

“Crooks understand that most users use the same password for everything,” says Clare. “If they can get your user credentials for your Facebook account, there’s a good chance that they have the password for your bank account, and every other account that you may have linked to your e-mail.” You see, on Facebook, your email address is imputed, so if you use the same password that is your email account as well as your Facebook account, if your Facebook is compromised, than by proxy anything that you receive email from should also be considered as being compromised. 

 

If you are smart enough to have separate passwords for Facebook and your financial accounts, crooks get at you through a variety phishing attempts that you might think are Facebook games and widgets. But look closely and you’ll realize that they deliver answers to all of your bank’s security questions–and possibly clues to your passwords — right into the hands of the crooks.

Think it couldn’t happen to you? Let’s see if you recognize any of these 5 recent Facebook messages that jeopardize your security. All of these came from my Facebook friends in just the past few months:

1. Who knows you best?

The message reads: Can you do this? My middle name __________, my age ___, my favorite soda _______, my birthday ___/___/___, whose the love of my life ______ , my best friend _____, my favorite color ______, my eye color _______, my hair color ______ my favorite food ________ and my mom’s name __________. Put this as your status and see who knows you best. ♥♥♥♥

How many of these are the same facts your bank asks to verify your identity? Put this as your status and everybody — including all the people who want to hijack your bank account and credit cards — will know you well enough to make a viable attempt. And 92% of the time that attempt will work!

2. Your friend [Name here] just answered a question about you!

Was it possible that an old friend answered a question about me that I needed to “unlock”? Absolutely. But when you click on the link, the next screen should give you pause: 21 Questions is requesting permission to…(a) access your name, profile picture, gender, networks, user ID, friends and any other information shared with everyone…(b) send you email…(c) post to your wall…and…(d) access your data any time…regardless of whether or not you’re using their application.

Can you take that access back — ever? It sure doesn’t look like it. There’s no reference to how you can stop them from future access to your data in their “terms and conditions.” Worse yet, it appears that to “unlock” the answer in your friend’s post, you need to answer a bunch of questions about your other friends and violate their privacy too. I didn’t give 21 Questions access to my information, but the roughly 2400+ people who joined “People Who Hate 21 Questions on Facebook” apparently have and can give you insight into just how pernicious this program can be.

3. LOL. Look at the video I found of you!

This is the most dangerous of all the spam messages and it comes in a variety of forms, says Clare. It’s actually a bid to “surreptitiously” install malware on your computer. This malware can track your computer keystrokes and record your sign-in and password information with all of your online accounts.

How does it work? When you click on the link, it says that you need to upgrade your video player to see the clip. If you hit the “upgrade” button, it opens your computer to the crooks, who ship in their software. You may be completely unaware of it until you start seeing strange charges hit your credit cards or bank account. Up-to-date security software should stop the download. If you don’t have that, watch out. But beware that the security program McAfee will not detect such an intrusion, whereas Norton will detect and quarantine such an effort, and issue a warning that such an attempt was detected, blocked and quarantined.

Better yet, if you really think some friend is sending you a video clip, double-check with the friend to be sure before you click on the link. When I messaged my high-school classmate to ask if she’d really sent this, she was horrified. Her Facebook account had been hijacked and anyone who clicked through was likely to have their account hijacked too. That’s how this virus spreads virtually, to dozens of computers almost over-night. Every computer that such a malware program infects provides a host to spread it further. Thus, 2 computers can spread it to 4 computers which can spread it to 16, etc.

4. Help! We’re stuck!

It started out as an email scam, but now the “Help We’re stuck in [Europe/Asia/Canada] and need money” scam has moved to instant messages on Facebook, where it can be more effective. Most people have learned not to react to the email, but instant messages help crooks by forcing you to react emotionally — They’re right there. They need help, now. A friend got one of these messages last week from the parents of a close friend. Her reaction was the perfect way to deal with it: She immediately called her friend and said “Have you talked to your parents lately?” The response: “Yeah. They’re right here.”

Facebook has launched a security system to combat account hijacking that allows crooks to send messages and posts through your account. You can get updates on what they’re doing at Facebook’s security page, where they’ve also got a nice little security quiz that’s definitely worth taking.

5. Please Share This Story.

I pay an astounding amount of money to subscribe to the New York Times because they’re one of the few papers that invests enough money in its staff to support incredibly robust investigative reporting. As someone who believes that democracy relies on that type of journalism, I’m willing to shell out $$$ a year for a daily subscription.

But I won’t share their stories on Facebook.

Why? When I try, up pops the ubiquitous Facebook “Request for Permission” that says they want my name, gender, email, friends, likes, music, movies, books, quotes, interests….and the list goes on. To their credit, the New York Times privacy policy is prominently posted and clear. But they want more privacy than I’m willing to give up. Also to their credit, they allow you to rescind access later. But I’m not convinced that privacy once given up can ever be regained.

To quote Nancy Reagan, when someone asks “permission” to violate your privacy: “Just say no.”

No amount of reading what could happen to you if you are not careful can prepare you for the terrible onslaught of crooks and thieves, until you have had it happen to you. Your best bet is to guard your privacy as if it was your own child, and in that manner you will not become a victim of thieves. -Birdy