Should You Use Facebook to Login to Websites?

Have you ever used Facebook to sign onto another site? Many of us do this pretty blindly simply because it is very convenient. But, this convenience could come at a cost.

You know the drill. You go to a website and it says “Log In With Facebook.” or Google. Usually, it just takes a couple of clicks and no logging in with other usernames or passwords. However, when you do this, Facebook essentially becomes your online identity. This means that anyone who knows these credentials have access to your preferences, posts, and most importantly, your personal information. What’s more is that you might be unknowingly giving permission to a third party to access your profile, view your online activities, and get information about your friends.

What Can You Do About It?

There are some things that you can do to keep yourself safe. First, of course, you should have a different username and password for all accounts. Make sure your passwords are strong and consider using a password manager. This helps to create strong passwords and keeps them safe for you.

If you play games, do quizzes, or other things on a social media platform, make sure that only necessary apps are connected. Stop connecting other apps.

You should also take some time to look at the settings you have set up for your social media accounts. Adjust them to make sure you are protected. Finally, make sure that you are logging out of your social media account when you are done with it. If you log into your social media account on your tablet or mobile phone, make sure that the lock screen is on before putting it away. Also, of course, make sure that you have a strong passcode on your device.

Control Your Data

Now is the time to take control of your data. When you choose to use a social media site to link with third-party services, apps, and sites, the social sites say that it will enhance your experience for the better. It also can make your online time more productive. At the same time, however, it can open you up to exposure, and even be an open door for hackers. It is important to understand what type of permission you are giving these apps when you click “Log in with Facebook.” Finally, if you are a parent, you should make sure that you understand what your kids are doing on social media, and take a look at what type of permission your kids have given to third-parties.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Hey Kids, the Internet is FOS

The internet is a beautiful place. It is the way we communicate, the way we create, and the biggest business platform that has ever been generated. However, it is also a hazard, as anyone can put anything on it, and it’s extremely difficult to tell fact from fiction…especially if you are a kid.

A Stanford study looked at the ability, or inability in this case, of almost 8,000 students to tell fake news stories from real ones. The results, to be blunt, are terrible. When focusing on the students who were in middle school, 80 percent of them were unable to tell the fake news from the real stories, and they didn’t get better as they got older. When the researchers looked at high schoolers, they really fared no better, and more than 80 percent of them accepted that fake pictures were true without question. The results of this study should scare us all.

Part of the problem here is that we don’t have enough gatekeepers to fact check, edit, or vet the news that is going out there. Anyone with a computer can create a very realistic looking news site, and essentially, they can create stories about whatever they want. As you have probably noticed during the election, many adults also get caught up in the fake news that’s out there, and if adults can’t discriminate between what’s real and what’s fake, how can we expect children to?

The writers who create these fake news stories are very skilled, and when you put them up against the minds of others, especially children, it’s really not a fair fight. These students have to be taught how to use the internet, and it has to be soon. Kids are using the internet as young as two or three years old, and by the time they get to school, they can navigate the pages of the web better than many adults.

Speaking of school, how does the concept of internet literacy fit in with the typical curriculum in schools? Internet literacy, online behavior, reputation management, security and fake news are part of the same puzzle.

When computers first began to be commonplace in schools, most students took a class to learn how to use the mouse, keyboard, and basic programs. Now, these acts are usually learned before a child even gets to school, and the classes that are taught teach kids how to not only work a computer, but also how to be a good online citizen. The problem is, however, is that these classes are not given the same focus as other educational standards.

Further complicating things is that many teachers believe that teaching these concepts is not their responsibility. Instead, they believe that it is the job of others, such as the librarian, teacher’s assistant, or IT person.

If students are taught to consider what the intentions of the writer, or even the sources are, they will be able to eventually learn to sense the bias they have. When children can understand this concept, they can then learn about how news and other information gets from the writer to the readers. The internet creates a totally new concept for how news travels, and we all must recognize that when we click, we ultimately create a trail for more information to follow.

Will this new instruction be enough? We have reason to have hope. For instance, some social media outlets, such as Facebook, have recently announced that they will take steps to eliminate a lot of this fake news. Additionally, if we look at the history of humanity, when new innovations are introduced, such as when the printing press was invented, we, as humans, saw improvements in our lives.

It is also quite promising that children are not making the same mistake that their parents have made…they aren’t on Facebook much, which is where most of these fake news stories are found. Instead, children are in Instagram, YouTube, SnapChat and others. This information has been backed by a number of sources, and one study shows that teens are not using Facebook for their news. Instead, they are getting news from television or on Snapchat, which has recently rolled out a news delivery feature.

The bottom line here is that the original study from Stanford is disheartening, but there is a glimmer of hope since kids these days aren’t getting their news from the same places as the previous generation, like Facebook. Instead, they are using a mixture of traditional and digital sources that will likely help them to become more informed.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Facebook CEO Password dadada hacked

If you’ve heard this once, you need to hear it again—and again: Never use the same password and username for more than one account!

14DIf this got Mark Zuckerberg’s (Facebook’s chief executive).  Twitter account hacked, it can get just about anybody hacked.

A report at nytimes.com says that the OurMine hacking group takes credit for busting into Zuckerberg’s accounts including LinkedIn and Pinterest. It’s possible that this breach was cultivated by a repeated password of Zuckerberg’s.

According to OurMine, Zuckerberg had been using the same password for several accounts. Not only is that asking for trouble, but the password itself is highly crackable: dadada. Don’t laugh. A hacker’s software will find this in minutes.

How to Protect Your Accounts

  • Change any passwords that are used more than once.
  • Change any passwords that contain keyboard sequences, repetitions of letters or numbers (252525 is akin to dadada), or actual words or proper nouns.
  • If the idea of overhauling your passwords is overwhelming, use a password manager (e.g., RoboForm). A password manager will create long, unique passwords that are different for every account, and you won’t have to remember them because the manager will issue you a master password.
  • See which accounts offer two-factor authentication, then sign up. This is a tremendous step towards preventing being hacked. So if an unauthorized person attempts to log into your Twitter or LinkedIn account, this will send a code to your cell phone that needs to be entered before the account is accessible. Unless the hacker has your cell phone, he won’t be getting into your account.
  • Some say every 90 days, or at least twice a year, change all of your passwords. I think that’s a bit much. Different and strong is what matters most.

Visit Have I Been Pwned to see if your e-mail account has been hacked. I did. 6 of my accounts showed up as being part of data dumps of sites that were hacked. Then I checked all 6 accounts, all had different passwords, but I still changed them. One was gmail, but with two factor verification/authentication, I’ve had no issue. Simply type your e-mail address into the field and click “Pwned?” If the result shows bad news, then you must immediately change your password to one that you’ve never had before—and at least eight characters and unique.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Facebook Photos bust Bank Robber

Do these bank robbers have bricks for brains? They actually posted photos of themselves with wads of the stolen cash on Facebook, says a story on thesmokinggun.com.

The alleged bank robers are John Mogan, 28 and Ashley Duboe, 24, and they’ve been charged with robbing a bank in Ohio. Mogan has already served time for a previous bank robbery conviction and was out on parole.

It all started when Mogan apparently sauntered into the bank and demanded money with a note. It’s not clear from the article whether or not Mogan brandished a weapon. At any rate, the teller handed over the money.

A video camera shows a thief in a hoodie exiting the bank with cash in his hands. Mogan has a distinct appearance in that both cheeks are tattooed.

Authorities believe that Duboe covered up the facial (and neck) tattoos with makeup prior to the robbery. Four days later, both geniuses posted their images to the Facebook page that they share, with Mogan pretending to bite into a thick wad of bills—which he refers to as a “McStack.” In another incriminating image, Mogan is pretending that the wad of cash is a phone.

A relative spotted the images, and from that point, things went sour for these Bonnie and Clyde wannabes. Both are currently behind bars, and the bond has been set at $250,000. Let’s see Mogan try to make a “McStack” with that amount and put his mouth around it.

Not surprisingly, neither of these two look too smug in their mug shots.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

15 Top Facebook Privacy Tips

You wouldn’t have to worry about privacy issues on Facebook if you didn’t post sensitive, private information on Facebook…such as information that one day can be used against you. And really, you should share only what you consider “professional” information, even with family. Just stop with the nonsense.

At any rate, it’s important to know how to use Face14Dbook’s privacy features, which change from time to time. Here are useful tips.

  1. Go to Start, then Account, then Privacy Settings, then Edit Your Profile.
  2. In the Edit Your Profile feature, go through everything there and set things up. There are multiple data fields. To get their drop-down menus, hit the lock on the right of the fields.
  3. Review posts friends tag you in before they appear on your timeline” Set this so your friends can’t make posts that include you that appear on your timeline without your knowledge and/or permission. A friend may tag you in something racist or sexist that makes you look bad by association.
  4. “Ads and Friends.” Set this so people can’t see which businesses you have friended if you’d like. For example, if you’re Liked a “bondage” shop because it was funny to Like it, it might not be in your best interests that a potential employer sees this.
  5. “Do you want other search engines to link to your timeline” Set this to prevent people from finding your timeline entries when they do Google searches. Theres no reason a private FB needs this setting live.
  6. “Limit the audience for posts you’ve shared with friends of friends or Public?” Set this to avoid letting a wide audience see your old posts. You may have had a cock tail or two one night and posted something you may regret the next day.
  7. “Log-in approval” This is big. signing up for this ensures that no one else can easily log into your Facebook account.
  8. Friends Lists. Click Edit Friends after you click Account. Go to Create a List to categorize your “friends,” such as those from work only or “share everything.”
  9. To restrict access, you can choose something on your friends lists to narrow the field, such as your created category of “childhood close friends.” Play around with the options. You’ll see an option called Custom, which breaks down to Select Specific People. Be patient and tinker around a bit. If you don’t want your nosy neighbor to see anything, click “Hide this from.”
  10. Under Privacy Settings is Apps and Websites. Other people’s apps can take your information and post it elsewhere. Go to Apps you Use, and How People Bring Your Info Into Apps They Use. You’ll be able to tell who’s taking information from you. But you can disable this too. If you only want select people to know you have an FB page, turn off the Public Searches function. Then, if someone googles your name, your FB page won’t show in the results.
  11. The How Tags Work feature controls tags about you on your page only. You’ll see an option called Friends Can Check You Into Places. Turn this off. Otherwise, one of your “friends” could blab personal information about you. (Gee, at this point, it’s easy to understand why some people just don’t have a FB account—including the most social, outgoing people you’ve ever known.)
  12. To see how your profile looks to visitors, click View As at the top right.
  13. Click on How You Connect under Privacy Settings. This feature determines/controls who can interact with you and view your posts. Again, play around with this.
  14. The Block Lists under Privacy Settings will block whomever you please from contacting you.
  15. Continue spending time in Privacy Settings to further refine your preferences.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention.

Predators use Facebook to groom Kids

Lock this guy up for good. That’s a most fitting motto for Brandon McIntyre, 22, who pretended he was “Katie Thompson” on Facebook and threatened to kill a girl’s family if she refused to go on trips with him.

http://www.dreamstime.com/stock-images-online-risks-sign-road-banner-image34668294This New Jersey nutcase made another ridiculous threat (ridiculous, because, how could he think that even young victims could take him seriously?) to a 12-year-old, telling her he was a cop who’d have her expelled from school and sent to state prison for failing to obey a police officer. The “order” was to send him explicit photos of herself.

Posing as a police officer, he even told a woman via texting he’d have her daughter taken away if she refused to go on a date with him. He could get 30 years in federal prison and fines totaling half a million dollars.

The next predator was a bit more convincing, using Facebook to talk a boy into ducking out of his home in the middle of the night to meet him. Adam Brown, 21, was caught by the victim’s mother. Brown got the boy’s confidence first by posting videos of himself and telling jokes. The boy’s mother worked nights and his grandmother watched him and his siblings.

One night she returned to find their dog acting strange; she discovered the boy wasn’t in his bed. She contacted him via cell and he said he was just out walking. She drove out and picked him up, took away his phone and computer, and demanded his passwords. She then gained access to the cyber dialogue between him and Brown. In the dialogue, Brown told the boy that the boy was cute. And the dialogue got worse. The boy actually met Brown, who had threatened suicide if he refused.

His mother told Brown, after contacting him, to cease contact with her son, but he contacted him again and made creepy comments.

  • Get full access to your kids social accounts.
  • Monitor their device activity without notice.
  • Have in-depth detailed conversations about how predators lure kids.
  • Read every news report about these issues and discuss with your kid.
  • Turn off all wireless and wired internet at night so kids can’t have access.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Facebook Security for Parents and Teens

Facebook offers a hefty amount of security measures that parents and teens should know.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813The Login

  • Social authentication. A hacker will have a harder time hacking into your Facebook account if he or she must identify your friends via photos. This verification process is social authentication, and it’s easier to use than having to remember another password.
  • ID verification. A new user must create a security question with an answer. An extra layer of security is achieved when the user adds their smartphone number so they can receive a text message with a code.
  • One-time password. You can get a one-time password; just send a text to 22605.
  • Login approval. Suppose someone logs into your account with an unfamiliar device. A code will be sent to your mobile. The user will need to verify the login next time they try to log in.
  • Session classifier. Every login is verified using details like your device and location.

Online

  • Application classifier. This checks out application activity to see if it’s suspicious.
  • User action classifier. This detects when a user’s behavior is suspicious.
  • Link scanner. Every day, Facebook scans over a trillion links. Every link is compared against not only Facebook’s, but also other Internet security companies’ databases of known malicious or spammy links.
  • Photo DNA. About 300 million photos are uploaded every day to Facebook, and Facebook compares these to its blacklist database of images from international, federal and state law enforcement agencies.

The Logout

  • Hacking suspicion. If you suspect something fishy, you can manually shut Facebook down and reset your password.
  • Login alert. You can approve the device you use to log in, though you can get a security notification if you log in from an unapproved device.
  • Guardian angel. If you can’t gain access to your account, your friends can receive a code. Then pre-select these individuals from the account settings page.
  • Roadblock. Your profile will be locked by Facebook and scanned with security software, should your account be infiltrated with malware. A cleaned-up account will be certified by Facebook.
  • Remote logout is available.

Considerations for Teens

The age setting. Many kids lie about their age on social media. Have your child sign into Facebook and go to the profile “About” page to make sure their birthdate is correct.

Liking ads. Warn you kids about what can happen if they “like” an ad. Liking an ad will likely result in receiving updates from the ad page, and the user’s name could become associated with future renditions of the ad. Is this what your teen wants? Ask your teen how important it is for them to “like” an ad just because the ad has this feature.

Unliking. Once you “like” something, doesn’t mean you can’t unlike it. To find out what your teen has liked, visit the profile page and click “More,” “Likes,” then “Other Likes.” Hover at the upper-right corner; a pop-up box will result with a choice to unlike. Learn of your teen’s apps by going to Facebook’s main page to click on “Apps,” located on the news feed’s left side. Here you can disconnect applications.

Flag ads. Think an ad is inappropriate? Flag it by clicking the small “X” or down-arrow located at the top right of the unappealing ad. Click “I don’t want to see this,” then “It’s offensive or inappropriate,” and then click the reason.

Free games may mean free unwanted software. Warn your teens that downloading a free game can also download a lot of undesirable clutter.

Although Facebook now uses SSL encryption with login and user sessions, it’s still a good idea to use an additional layer of protection on wireless sessions. Hotspot Shield encrypts your entire web surfing on any site, no matter its security settings.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Would You Use Facebook To Catch a Bad Guy?

In Oklahoma, the OK state, an elderly couple was home invaded and held at knifepoint, and the woman was knocked to the ground. During the ensuing abuse, their home was robbed and the predator got away. Not OK.

1D

The police were notified and a description of the home invader was provided to the police. Shortly after, the victims’ granddaughter decided the best course of action would be to post the description on Facebook with the intent of spreading the word to catch him.

Due to the heinous actions of the thief and the fact he was on the loose, the Facebook post went viral, with over 9,000 shares in a short time. The perpetrator’s brother in-law (of all people) saw the Facebook posting and recognized the description, then quickly contacted the granddaughter, then called the police to report his relative. (I’d love to attend their Thanksgiving dinner. Must be a hootin,’ hollerin’ good time!)

Anyway, while justice was served, the local police frowned upon this type of viral APB. Seems the police have a good point, and the force’s public information officer stated, “Friends and family members of the suspect could see that and alert the individual we are out there looking for [him]. … The suspect then could try to hide, run away or even destroy evidence. We always want the public to contact the police first.”

Point well taken. To support the officer’s statement, one only need to look as far as the Boston Marathon bombing and the witch hunt that ensued when Reddit “investigators” accused the wrong guys of planting the bombs. One of them ended up dead a short while later for reasons that are still not clear to me.

What do you think? I think a burglar alarm may have prevented the whole drama from happening in the first place. But would you rely on the internet to help find the bad guy? I’m partial to a yes vote.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

15 Facebook Fiascos to Watch Out For

The following 15 activities, all of which are facilitated by Facebook and other social networking websites, are causing lots of heartache and headaches:

1. Posting illegal activities. In the little town where I grew up, 30 kids recently faced the wrath of their parents, school officials, law enforcement, and the Boston media, all because someone posted their party pictures, which depicted underage drinking, on Facebook. It’s never okay to show illegal behavior.

2. Account hijacking. Phishers imitate the Facebook email template, tricking victims into believing they have received an official Facebook message. Once you enter your login credentials, criminals can take over your account, pose as you, and ask your friend for money. Always log into your Facebook account manually, rather than going through a link in an email.

3. Facebook bullying. It is so much easier to write something awful about someone than it is to say it to them personally. Words hurt. Vicious words have led to kids committing suicide. Friend your kids and see what their online dialogue looks like.

4. Online reputation management (or lack thereof). I’ve seen teachers, professors, students, officials, police, and others from just about every walk of life get fired because of words or pictures they posted on Facebook. Remember, if what you post wouldn’t pass the potential employer test, don’t do it.

5. Social media identity theft. When someone snags your name, posts a photo as you, and begins to communicate while impersonating you, the effects can be devastating. Grab your name on as many sites as possible, including Facebook. Knowem.com can help speed up this process.

6. Financial identity theft. Bad guys use Facebook to crack your passwords. Most online accounts use “qualifying questions” to verify your identity. These questions tend to involve personal information, such as your kids’, other relatives’, or pets’ names or birthdays. When the bad guys find this information on your Facebook page, they can reset your passwords and steal your identity. So limit what you post, and lock down your privacy settings.

7. Burglaries. Criminals have been known to check Facebook statuses to determine if potential victims are home or not. Publicly declaring that you’re not home creates an opportune time for burglars to ransack your house. Never post this information on Facebook.

8. Geo-stalking. Location-based GPS technologies incorporated into social media are perfect tools for stalkers to hone in on their target. Please just turn these settings off.

9. Corporate spying. By posing as an employee, setting up a Facebook group, and inviting all the company’s employees to join, the bad guy gathers intelligence that enables him to commit espionage from within the organization.

10. Harassment. This goes beyond bullying. In one example, a woman was on a camping trip and unreachable by phone when her Facebook account was taken over. The “harasser” wrote all kinds of desperate status updates posing as the woman, leading concerned friends and law enforcement to her house, where they broke down her door.

11. Government spying. Who is that new friend? The AP reports, “U.S. law enforcement agents are following the rest of the Internet world into popular social-networking services, going undercover with false online profiles to communicate with suspects.” Just don’t be a “suspect.”

12. Sex offenders. Facebook is perfect for sex offenders, who pose as real nice people until they gain their victims’ trust. Always be on guard, and do background checks, at least.

13. Scams. It’s just a matter of setting up a fake Facebook page and marketing it to a few people, who then send it to their friends, who send it to their friends. An Ikea scam hooked 40,000 unsuspecting victims with the promise of a $1,000 gift card. Like mom said, if it sounds too good to be true, it’s probably not true.

14. Legal liabilities. In New York, a judge recently ruled that material posted on Facebook and other social networking websites can be used as evidence in court, regardless of whether the posts were hidden by privacy settings.

15. Zero privacy. If you think for one second that what you post on Facebook is for you and your friends’ eyes only, you simply don’t understand how the Internet works. Many sites are capable of pulling data from the bowels of Facebook, despite any privacy settings you may have in place. And that data can be stored forever, which means that it can come back to bite you long after you’ve forgotten you ever posted it.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses hackers on social media on CNN. Disclosures


100 Million Facebook Profiles Published via P2P

Personal information on 100 million Facebook users has been scraped from the social media site and is being shared and download as a single file via what is called a Bittorrent. BitTorrent is a peer-to-peer (P2P) file sharing protocol used for distributing large amounts of data.

Facebook  takes on the issue is the data that was scraped wasn’t private at all. To a degree, I agree. The data is being shared through the site, it’s already public.

Here’s how it went down: a good guy hacker developed a program that went through all 500 million profiles and was able to skim (scrape) all the data from Facebook that wasn’t locked down via the users Facebook privacy settings. Basically if you didn’t lock your privacy settings down, it’s now available in this file. If you lock down your settings today, it’s still in this file.

What’s the point? Hackers like to tinker, and some like to make a point. It seems the hacker here wanted to make a point that your data on social media is up for grabs whether you like it or not.

What’s the risk? It seems the format and way the data was compiled is now searchable in a way that can benefit advertisers and marketers. Can it be used by thieves? It’s too early to tell. In this situation my first concern would be data that you may not want to be around in 20 years that may damage your reputation down the road.

This incident should highlight the lack of privacy and lack of security that exists in social media. Recognize that whatever information you share online, can ultimately end up in anyone’s hands, whether you like it or not.

Lock down your privacy settings and be very conscious of what you share. It may bite you someday.

Robert Siciliano personal and home security expert to Home Security Source discussing social media Facebook scammers on CNN. Disclosures.