Should You Use Facebook to Login to Websites?

Have you ever used Facebook to sign onto another site? Many of us do this pretty blindly simply because it is very convenient. But, this convenience could come at a cost.

You know the drill. You go to a website and it says “Log In With Facebook” or Google. Usually, it just takes a couple of clicks and no logging in with other usernames or passwords. However, when you do this, Facebook essentially becomes your online identity. This means that anyone who knows these credentials has access to your preferences, posts, and most importantly, your personal information. What’s more, you might be unknowingly giving permission to a third party to access your profile, view your online activities, and get information about your friends.

What Can You Do About It?

There are some things that you can do to keep yourself safe. First, of course, you should have a different username and password for all accounts. Make sure your passwords are strong and consider using a password manager. This helps to create strong passwords and keeps them safe for you.

If you play games, do quizzes, or other things on a social media platform, make sure that only necessary apps are connected. Stop connecting other apps.

You should also take some time to look at the settings you have set up for your social media accounts. Adjust them to make sure you are protected. Finally, make sure that you are logging out of your social media account when you are done with it. If you log into your social media account on your tablet or mobile phone, make sure that the lock screen is on before putting it away. Also, of course, make sure that you have a strong passcode on your device.

Control Your Data

Now is the time to take control of your data. When you choose to use a social media site to link with third-party services, apps, and sites, the social sites say that it will enhance your experience for the better. It also can make your online time more productive. At the same time, however, it can open you up to exposure, and even be an open door for hackers. It is important to understand what type of permission you are giving these apps when you click “Log in with Facebook.” Finally, if you are a parent, you should make sure that you understand what your kids are doing on social media, and take a look at what type of permission your kids have given to third parties.

Robert Siciliano, personal security and identity theft expert and speaker, is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock ’em dead in this Security Awareness Training video.

Do Not take that Stupid Facebook Quiz

Where should you live in the world? What Game of Thrones family are you in? What is the food that best describes your personality? All of these answers are given and found by doing quizzes on Facebook. You have surely seen them if you use Facebook, and may have taken these quizzes, but you definitely might want to consider stopping. If you have ever used one of these quizzes, you have probably given these third-party apps permission to access some of your personal data. Not only does this affect you, it might also affect the people on your friends list. How does it affect you? These answers can sometimes crack password reset questions.

Here are some tips that you can use to protect yourself:

Use Two-Factor Authentication – Almost all social media sites offer two-factor authentication. This allows you to further lock down your accounts, as you won’t be able to sign in with only a password. Instead, you need a password and a code, which is often sent to you via text message. So, no one can log into your account even if they have your password, unless they also have access to your phone and texts.

Stop Taking Quizzes – The best thing you can do to protect yourself is to stop taking those quizzes. Though they look innocent enough, every click gives the company information on you. It’s true that not all companies collect your personal info, but you really have to do some digging in the terms of service to see if they do or not.

Check Your Privacy Settings – When is the last time you reviewed your privacy settings on Facebook? If you are like most of us, it’s probably been a while. So, take some time to log in and do this. If you need a tip, choose to only share with yourself by clicking “Only Me” on all of the settings. That’s the safest, but after all, this is SOCIAL media, so you might want to pick and choose.

Look at What You Share – You should also look in your app security to find out what you are sharing with third parties. You might be surprised at what you see.

Delete Old Accounts – Finally, make sure that you take a look at, and delete, any old social media accounts. If you don’t want to delete it, at a minimum, change your password. Also, Google yourself and see what accounts come up. If you can find it, you can bet that a hacker can.


Facebook CEO Password dadada hacked

If you’ve heard this once, you need to hear it again—and again: Never use the same password and username for more than one account!

If this got the Twitter account of Mark Zuckerberg (Facebook’s chief executive) hacked, it can get just about anybody hacked.

A report at nytimes.com says that the OurMine hacking group takes credit for busting into Zuckerberg’s accounts including LinkedIn and Pinterest. It’s possible that this breach was cultivated by a repeated password of Zuckerberg’s.

According to OurMine, Zuckerberg had been using the same password for several accounts. Not only is that asking for trouble, but the password itself is highly crackable: dadada. Don’t laugh. A hacker’s software will find this in minutes.

How to Protect Your Accounts

  • Change any passwords that are used more than once.
  • Change any passwords that contain keyboard sequences, repetitions of letters or numbers (252525 is akin to dadada), or actual words or proper nouns.
  • If the idea of overhauling your passwords is overwhelming, use a password manager (e.g., RoboForm). A password manager will create long, unique passwords that are different for every account, and you won’t have to remember them because the manager will issue you a master password.
  • See which accounts offer two-factor authentication, then sign up. This is a tremendous step towards preventing being hacked. So if an unauthorized person attempts to log into your Twitter or LinkedIn account, this will send a code to your cell phone that needs to be entered before the account is accessible. Unless the hacker has your cell phone, he won’t be getting into your account.
  • Some say every 90 days, or at least twice a year, change all of your passwords. I think that’s a bit much. Different and strong is what matters most.
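The checks in the list above, as an added example (not code from the original post): a small Python audit that flags passwords reused across accounts, pure repetitions such as dadada or 252525, keyboard-row sequences and dictionary words. The account names, sample passwords and the tiny word list are constructed for illustration; the eight-character minimum follows the advice given later in this post.

```python
import re
from collections import defaultdict

# Assumptions for this demo: US keyboard rows and a tiny constructed word list.
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
COMMON_WORDS = {"password", "dragon", "monkey", "facebook", "letmein"}
MIN_LENGTH = 8


def repeated_unit(pw):
    """Return the 1-4 character unit a password merely repeats, else None."""
    m = re.fullmatch(r"(.{1,4}?)\1+", pw)
    return m.group(1) if m else None


def keyboard_run(pw, min_len=4):
    """Return the first keyboard-row run (forward or reversed) found, else None."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - min_len + 1):
                chunk = seq[i:i + min_len]
                if chunk in low:
                    return chunk
    return None


def is_plain_word(pw, words=COMMON_WORDS):
    """True if the password is a listed word, optionally with trailing digits or symbols."""
    core = re.sub(r"[\d\W_]+$", "", pw.lower())
    return core in words


def audit(accounts, words=COMMON_WORDS):
    """Map each account name to a list of finding codes.

    The report holds codes only, never the passwords themselves,
    so it can be displayed without exposing secrets.
    """
    by_password = defaultdict(list)
    for name, pw in accounts.items():
        by_password[pw].append(name)

    report = {}
    for name, pw in accounts.items():
        findings = []
        if len(by_password[pw]) > 1:
            findings.append("reused")
        if repeated_unit(pw):
            findings.append("repetition")
        if keyboard_run(pw):
            findings.append("keyboard-sequence")
        if is_plain_word(pw, words):
            findings.append("word")
        if len(pw) < MIN_LENGTH:
            findings.append("short")
        report[name] = findings
    return report


# Constructed sample data, not real credentials.
SAMPLE_ACCOUNTS = {
    "twitter": "dadada",
    "linkedin": "dadada",
    "bank": "252525",
    "forum": "Qwerty2016",
    "shop": "dragon99",
    "email": "vK7#pL2x!qR9mZ",
}

if __name__ == "__main__":
    for account, findings in audit(SAMPLE_ACCOUNTS).items():
        print(f"{account:10s} {', '.join(findings) or 'ok'}")
```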

Visit Have I Been Pwned to see if your e-mail account has been hacked. I did. 6 of my accounts showed up as being part of data dumps of sites that were hacked. Then I checked all 6 accounts, all had different passwords, but I still changed them. One was Gmail, but with two-factor verification/authentication, I’ve had no issue. Simply type your e-mail address into the field and click “Pwned?” If the result shows bad news, then you must immediately change your password to one that you’ve never had before—and at least eight characters and unique.

Robert Siciliano, CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker, is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock ’em dead in this identity theft prevention video.

Facebook Photos bust Bank Robber

Do these bank robbers have bricks for brains? They actually posted photos of themselves with wads of the stolen cash on Facebook, says a story on thesmokinggun.com.

The alleged bank robbers are John Mogan, 28, and Ashley Duboe, 24, and they’ve been charged with robbing a bank in Ohio. Mogan has already served time for a previous bank robbery conviction and was out on parole.

It all started when Mogan apparently sauntered into the bank and demanded money with a note. It’s not clear from the article whether or not Mogan brandished a weapon. At any rate, the teller handed over the money.

A video camera shows a thief in a hoodie exiting the bank with cash in his hands. Mogan has a distinct appearance in that both cheeks are tattooed.

Authorities believe that Duboe covered up the facial (and neck) tattoos with makeup prior to the robbery. Four days later, both geniuses posted their images to the Facebook page that they share, with Mogan pretending to bite into a thick wad of bills—which he refers to as a “McStack.” In another incriminating image, Mogan is pretending that the wad of cash is a phone.

A relative spotted the images, and from that point, things went sour for these Bonnie and Clyde wannabes. Both are currently behind bars, and the bond has been set at $250,000. Let’s see Mogan try to make a “McStack” with that amount and put his mouth around it.

Not surprisingly, neither of these two looks too smug in their mug shots.

Robert Siciliano, personal and home security specialist to BestHomeSecurityCompanys.com, discussing burglar proofing your home on Fox Boston. Disclosures.

App Tells Who’s Digging into Your Personal Data

Did you know that sometimes, the apps you use for your smartphone have access to your personal information and are capable of sharing it? Are you aware that your privacy can be invaded across the network board? That includes Twitter, Facebook, Instagram, LinkedIn, Google+ and more.

And how can you tell which applications can do this? MyPermissions can tell you. Once you load this and do some setting up, you’ll see which apps on your device have access to your information.

For instance, it’s not just a matter of who can get your information, but how often and just what, such as your contact list, photos and more. The more apps you use, the more likely your personal information is getting “shared,” i.e., leaked into cyberspace without your knowledge.

MyPermissions will alert you when an application barges into your sensitive information. It will give you control over who gets access to your data.

Without MyPermissions, it’s like walking through a crowded area and dropping one copy after another of your driver’s license, bank statement, credit card and family contacts.

So let’s suppose you’d like to start with Facebook. You tell MyPermissions you’d like a scan. MyPermissions will use your FB account to look for external connections. You’ll have a dashboard to see who’s getting into your information and you’ll be directed in how to stop this.

Worried if MyPermissions will share your data? Don’t. It will never collect, store or use any of your private information.

A similar application is Online Privacy Shield (free from Google Play Store). It will tell you which of your apps are nosing around in your private files and what they’re getting. And you can control who gets what.

Instagram, Twitter, Facebook, LinkedIn, etc., all have different ways for terminating access to your privacy, so bear with that—don’t expect all to terminate with one simple click just because one particular service has a one-click termination.

Be prepared for a shock: Hundreds of apps may have access to your sensitive data. You’ll need to embrace and appreciate the time required to get all of this straightened out. But when all is said and done, you’ll be glad you took that time.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

Time to check your Facebook Privacy settings

Did you know that, once again, Facebook has changed its privacy policies? At the top of the FB page is a lock icon. Click it for more privacy settings.

What do visitors see? To view how visitors see your Facebook page, go to “Timeline and Tagging,” then hit “Review what other people see on your timeline/View As.”

Posts by friends. Click “Timeline and Tagging” to prevent a visitor’s unwanted post from showing. Then click “Enabled,” as this will allow you to “review posts friends tag you in before they appear.” Designate who can post on your timeline, ideally just “Only Me.”

Unauthorized logins. To prevent someone from logging onto your FB account, go to “Security” and click “Login Approvals,” and proceed from there. This way if someone tries to log in from a computer other than your own, they’ll need to see the security code that FB sends to your mobile phone.

Search engine access. If you don’t want everyone finding your Facebook page by simply entering your name into a search engine, click “Privacy,” then “No” to “Do you want other search engines to link to your timeline?”

Old posts. In the “Privacy” setting is an option for limiting old images. You may not want everyone to see all of your timeline. You can also set up things so that you can review new posts by others as they come in.

Liked businesses. Where it says “Ads and Friends” click “Ads,” then “Edit.” Next click “No One” where it says “Pair my social actions with ads.” This will prevent you from becoming associated with a particular business.

Apps. Go to “Apps” if you don’t want everyone seeing what apps you use on Facebook. Change the “App Visibility” to “Only Me.” In “Apps Settings” are more options.


15 Top Facebook Privacy Tips

You wouldn’t have to worry about privacy issues on Facebook if you didn’t post sensitive, private information on Facebook…such as information that one day can be used against you. And really, you should share only what you consider “professional” information, even with family. Just stop with the nonsense.

At any rate, it’s important to know how to use Facebook’s privacy features, which change from time to time. Here are useful tips.

  1. Go to Start, then Account, then Privacy Settings, then Edit Your Profile.
  2. In the Edit Your Profile feature, go through everything there and set things up. There are multiple data fields. To get their drop-down menus, hit the lock on the right of the fields.
  3. “Review posts friends tag you in before they appear on your timeline.” Set this so your friends can’t make posts that include you that appear on your timeline without your knowledge and/or permission. A friend may tag you in something racist or sexist that makes you look bad by association.
  4. “Ads and Friends.” Set this so people can’t see which businesses you have friended if you’d like. For example, if you’ve Liked a “bondage” shop because it was funny to Like it, it might not be in your best interests that a potential employer sees this.
  5. “Do you want other search engines to link to your timeline?” Set this to prevent people from finding your timeline entries when they do Google searches. There’s no reason a private FB needs this setting live.
  6. “Limit the audience for posts you’ve shared with friends of friends or Public?” Set this to avoid letting a wide audience see your old posts. You may have had a cocktail or two one night and posted something you may regret the next day.
  7. “Log-in approval.” This is big. Signing up for this ensures that no one else can easily log into your Facebook account.
  8. Friends Lists. Click Edit Friends after you click Account. Go to Create a List to categorize your “friends,” such as those from work only or “share everything.”
  9. To restrict access, you can choose something on your friends lists to narrow the field, such as your created category of “childhood close friends.” Play around with the options. You’ll see an option called Custom, which breaks down to Select Specific People. Be patient and tinker around a bit. If you don’t want your nosy neighbor to see anything, click “Hide this from.”
  10. Under Privacy Settings is Apps and Websites. Other people’s apps can take your information and post it elsewhere. Go to Apps you Use, and How People Bring Your Info Into Apps They Use. You’ll be able to tell who’s taking information from you. But you can disable this too. If you only want select people to know you have an FB page, turn off the Public Searches function. Then, if someone googles your name, your FB page won’t show in the results.
  11. The How Tags Work feature controls tags about you on your page only. You’ll see an option called Friends Can Check You Into Places. Turn this off. Otherwise, one of your “friends” could blab personal information about you. (Gee, at this point, it’s easy to understand why some people just don’t have a FB account—including the most social, outgoing people you’ve ever known.)
  12. To see how your profile looks to visitors, click View As at the top right.
  13. Click on How You Connect under Privacy Settings. This feature determines/controls who can interact with you and view your posts. Again, play around with this.
  14. The Block Lists under Privacy Settings will block whomever you please from contacting you.
  15. Continue spending time in Privacy Settings to further refine your preferences.


10 most dangerous Facebook Scams

Twenty percent of the world’s population is “on” Facebook—that’s well over a billion people.

Top 10 Most Popular Facebook Scams

  1. Profile visitor stats. It’s all about vanity. It doesn’t take long for any new Facebook user to see an ad offering to reveal how many people are viewing your profile. You can even find out who’s viewing. It must make a lot of FB users feel validated to know how many people are viewing them and just whom, because this scam comes in at the top.

    Is it really that important to know how many people are viewing your profile? Even if your self-worth depends on this information, Facebook can’t provide it. These ads are scams by hackers.

  2. Rihanna sex tape. What a sorry life someone must be leading to be lured into clicking a link that promises a video of a recording star having sex. Don’t click on any Rihanna sex tape link, because the only intimacy you’ll ultimately witness is a hacker getting into your computer.
  3. Change your profile color. Don’t click on anything that relates to changing your FB profile color. Facebook is blue. Get over it. You’ll never get red, purple, pink, black, grey, white, red, orange or brownish-magenta. Forget it. Deal. If you see this offering in your news feed, ignore it. It’s a scam.
  4. Free Facebook tee shirt. Though this offering seems quite innocuous, anyone who never rushes to click things will realize that this can’t possibly be legitimate. Do you realize how much a billion tee shirts cost? Even if you don’t know that one-fifth the world’s population uses Facebook, you should know that an enormous number of people use it and they aren’t getting a t-shirt.
    Where would Facebook get the money to 1) produce all those tee shirts (even if one-tenth of FB users wanted one, that’s still a LOT of money), and 2) mail the shirts out, and 3) pay reams of people to package the shirts and address the packages? People, THINK before you click!
  5. See your top 10 Facebook stalkers. This is just so funny, how can anyone take it seriously and be lured into clicking it?
  6. Free giveaways. It’s cliché time: Nothing’s free in this world—certainly not on Facebook. End of story.
  7. See if a friend has deleted you. This, too, sounds suspicious. And besides, is it really that important if a “friend” has deleted you? Do you even personally know every individual who has ever friended you? This feature does not exist. You’re better off pretending that nobody would ever want to delete you because you’re so special! But actually, there are plug-ins available that perform this function, but still, stay away.
  8. Find out who viewed your profile. Again, here’s a scam that works well on people who have too much time on their hands. This function doesn’t exist on Facebook.
  9. Just changed my Facebook theme and it’s rad! Ignore this at all costs.
  10. Tragedy of the day. Whenever there is something horrific going on such as Mother Nature getting all murderous or some manmade disaster or even a celebrity dying, you can be sure Facebook scammers are on top of the breaking news with a “video” or “photo” that simply isn’t. Just don’t click it.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Beware of Flight MH17 Facebook Scams

How low can scammers go? The latest is phony Facebook profiles that use identities of deceased victims of Malaysia Airlines Flight MH17—claiming their credit cards were stolen from the crash debris.

“Death hunters,” says Ukrainian MP Anton Gerashchenko on his Facebook page, are collecting jewels, cash and credit cards off of the victims. His post urges victims’ relatives to “freeze their credit cards, so that they won’t lose their assets to terrorists!”

The Dutch Banking Association assured next-of-kin that they’d be compensated for the fallout of credit card theft.

Journalist Phil Williams was at the crash site and pointed out that it was obvious that wallets and handbags had been stolen. Just about all the handbags had been opened, he reports. Looting is apparent, he says.

Mark Rutte, the Dutch Prime Minister, used the term “utterly disgusting” to describe how the rebels had treated the corpses.

But beyond the site is even more alarming activity: fake Facebook accounts. At least five phony FB accounts have been set up in the names of deceased Australians—including three kids. Facebook has since shut down the pages.

The pages provided a link to a video claiming to reveal footage of the airliner’s crash. However, users instead were directed to a website full of pop-up ads for fishy-looking services. The lure to this site was a malicious link tagline: “Video Camera Caught the moment plane MH17 Crashed over Ukraine. Watch here the video of Crash.”

You can imagine how many people—not necessarily next-of-kin—took the bait and made the click. Though these particular fraudulent pages were closed down, this doesn’t mean more won’t appear.

Is this common after a disaster?

It seems to be more common, as criminals are capitalizing on current events to perpetrate scams generally within a 24-48 hour period.

Tips for spotting these scams for consumers in general:

Thinking before you click, doing research and not being so impulsive will keep consumers from being baited by scammy links, titles and stories.

Tips for family members of the deceased:

They should cancel credit cards, create fraud alerts through their country’s credit bureaus, and once death certificates are obtained they need to submit them to the credit bureaus. Otherwise set up Google alerts with the decedents’ names to monitor any chatter on social sites that may turn up their likeness in a stolen social media identity theft case.


Hackproof your facebook account

With over one billion people connected to Facebook, we have to assume that many of them are criminals. (Criminals are people with friends too!) But the criminals we need to be concerned about are the ones who create all kinds of scams designed to do everything from getting us to open our wallets to clicking links so we enter our personal information that lets them infect our devices.

Here’s some insight as to what they may do to get access to you and your account:

Phishing: Emails coming into your inbox right now may in fact be coming from Facebook because by default, you allow that contact in your notifications settings. The problem is that at any time, scammers can duplicate these same emails and you may never know what’s real and what’s fake.

  • Never click links in Facebook emails. Instead, simply log in via your favorites menu or use a password manager. Anything you need to do is right there in your notifications menu.
  • Turn off email notifications. Do you really need 20 emails a day telling you that someone just liked or commented on what you posted? Seriously? Go feed the homeless if you have that much time on your hands.
  • Stay out of your spam folders. Most internet service providers and email providers do a pretty good job of filtering out spam and phishing emails. But if you go into spam and start clicking away, you’ll get yourself in trouble.

Infected links: Criminals know how to get your attention to entice you to click links. They create copy that is supposed to elicit emotional responses that send you deep into their rabbit hole. This status update is a perfect example of someone who is now infected because the user probably clicked on this and is now sharing it with everyone else, just like a virus. Everything about this screams CLICK ME!

  • Don’t mindlessly click links simply because you need to know what they’re going to show you. Be conscious about scams and fraud, and know scammers are paying attention.
  • Keep your browsers up to date, as well as your antivirus, antispyware, antiphishing and a firewall.

Wireless hacks: Whenever using a free WiFi connection, there is always the possibility your device, its data and your accounts can be compromised. Free WiFi is not secure; it has no encryption, and your data is right there for criminals to sniff.

  • Set up encryption on your home or office router. At a minimum, use WPA or WPA2 encryption to secure your data.
  • Use a VPN (virtual private network) such as Hotspot Shield VPN that locks down and encrypts your wireless communications.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures. For Robert’s FREE ebook text- SECURE Your@emailaddress -to 411247.