15 Facebook Fiascos to Watch Out For

The following 15 activities, all of which are facilitated by Facebook and other social networking websites, are causing lots of heartache and headaches:

1. Posting illegal activities. In the little town where I grew up, 30 kids recently faced the wrath of their parents, school officials, law enforcement, and the Boston media, all because someone posted their party pictures, which depicted underage drinking, on Facebook. It’s never okay to show illegal behavior.

2. Account hijacking. Phishers imitate the Facebook email template, tricking victims into believing they have received an official Facebook message. Once you enter your login credentials, criminals can take over your account, pose as you, and ask your friends for money. Always log into your Facebook account manually, rather than going through a link in an email.

3. Facebook bullying. It is so much easier to write something awful about someone than it is to say it to them personally. Words hurt. Vicious words have led to kids committing suicide. Friend your kids and see what their online dialogue looks like.

4. Online reputation management (or lack thereof). I’ve seen teachers, professors, students, officials, police, and others from just about every walk of life get fired because of words or pictures they posted on Facebook. Remember, if what you post wouldn’t pass the potential employer test, don’t do it.

5. Social media identity theft. When someone snags your name, posts a photo as you, and begins to communicate while impersonating you, the effects can be devastating. Grab your name on as many sites as possible, including Facebook. Knowem.com can help speed up this process.

6. Financial identity theft. Bad guys use Facebook to crack your passwords. Most online accounts use “qualifying questions” to verify your identity. These questions tend to involve personal information, such as your kids’, other relatives’, or pets’ names or birthdays. When the bad guys find this information on your Facebook page, they can reset your passwords and steal your identity. So limit what you post, and lock down your privacy settings.

7. Burglaries. Criminals have been known to check Facebook statuses to determine if potential victims are home or not. Publicly declaring that you’re not home creates an opportune time for burglars to ransack your house. Never post this information on Facebook.

8. Geo-stalking. Location-based GPS technologies incorporated into social media are perfect tools for stalkers to home in on their targets. Please just turn these settings off.

9. Corporate spying. By posing as an employee, setting up a Facebook group, and inviting all the company’s employees to join, the bad guy gathers intelligence that enables him to commit espionage from within the organization.

10. Harassment. This goes beyond bullying. In one example, a woman was on a camping trip and unreachable by phone when her Facebook account was taken over. The “harasser” wrote all kinds of desperate status updates posing as the woman, leading concerned friends and law enforcement to her house, where they broke down her door.

11. Government spying. Who is that new friend? The AP reports, “U.S. law enforcement agents are following the rest of the Internet world into popular social-networking services, going undercover with false online profiles to communicate with suspects.” Just don’t be a “suspect.”

12. Sex offenders. Facebook is perfect for sex offenders, who pose as real nice people until they gain their victims’ trust. Always be on guard, and do background checks, at least.

13. Scams. It’s just a matter of setting up a fake Facebook page and marketing it to a few people, who then send it to their friends, who send it to their friends. An Ikea scam hooked 40,000 unsuspecting victims with the promise of a $1,000 gift card. Like mom said, if it sounds too good to be true, it’s probably not true.

14. Legal liabilities. In New York, a judge recently ruled that material posted on Facebook and other social networking websites can be used as evidence in court, regardless of whether the posts were hidden by privacy settings.

15. Zero privacy. If you think for one second that what you post on Facebook is for you and your friends’ eyes only, you simply don’t understand how the Internet works. Many sites are capable of pulling data from the bowels of Facebook, despite any privacy settings you may have in place. And that data can be stored forever, which means that it can come back to bite you long after you’ve forgotten you ever posted it.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses hackers on social media on CNN. Disclosures


100 Million Facebook Profiles Published via P2P

Personal information on 100 million Facebook users has been scraped from the social media site and is being shared and downloaded as a single file via what is called BitTorrent. BitTorrent is a peer-to-peer (P2P) file sharing protocol used for distributing large amounts of data.

Facebook’s take on the issue is that the data that was scraped wasn’t private at all. To a degree, I agree. The data is being shared through the site; it’s already public.

Here’s how it went down: a good guy hacker developed a program that went through all 500 million profiles and was able to skim (scrape) all the data from Facebook that wasn’t locked down via the users’ Facebook privacy settings. Basically, if you didn’t lock your privacy settings down, it’s now available in this file. If you lock down your settings today, it’s still in this file.

What’s the point? Hackers like to tinker, and some like to make a point. It seems the hacker here wanted to make a point that your data on social media is up for grabs whether you like it or not.

What’s the risk? It seems the format and way the data was compiled is now searchable in a way that can benefit advertisers and marketers. Can it be used by thieves? It’s too early to tell. In this situation my first concern would be data that you may not want to be around in 20 years that may damage your reputation down the road.

This incident should highlight the lack of privacy and lack of security that exists in social media. Recognize that whatever information you share online can ultimately end up in anyone’s hands, whether you like it or not.

Lock down your privacy settings and be very conscious of what you share. It may bite you someday.

Robert Siciliano personal and home security expert to Home Security Source discussing social media Facebook scammers on CNN. Disclosures.

Sex Offender Sets Up Facebook Page Looking For Love

A sex offender, who spent 11 years in a court-ordered treatment program to rehabilitate him, is looking for a relationship via Facebook.

Facebook is approaching the 500 million member mark worldwide. Chances are there are a few sex offenders in there somewhere. I’d guess anywhere between 1 and 3 percent have a penchant for violating another person’s sanctity. Statistically out of the 300 million people in the U.S., there are 500,000 registered sex offenders. Of those registered, thousands more aren’t and many haven’t been caught. You do the math.

He’s 29, so he was in detention since he was 18. His mom must be proud. He was found guilty of sexually assaulting girls. If I was one of the girls’ dads I’d be “friending” this dude to know what he is up to.

He has now set up a Facebook page, with a picture of pop singer Pink, in a bid to date women. Sounds like a real interesting guy.

The Herald Sun pointed out that 3 of his 12 online friends have profile photographs on his page which include children. Just ducky.

Be careful who you friend. They really are out there. Living breathing whacky predators.

Robert Siciliano is a Personal Security Expert and Adviser to Intelius.com. See him discussing Sex Offenders on Fox Boston.

For more information see Intelius at Sex Offender Check and Date Check to reduce your chances of encountering a bad guy. (Disclosures)

Facebook + Hackers – Privacy = You Lose

I’m as sick of writing about it as you are sick of reading about it. But because Facebook has become a societal juggernaut: a massive inexorable force that seems to crush everything in its way, we need to discuss it because it’s messing with lots of functions of society.

We should all now know that whatever you post on Facebook is not private. You may think it is, but it isn’t. Even though you may have gone through all kinds of privacy settings and locked down your profile, Facebook has changed them up internally so many times that they may have defaulted to something far less private than what you previously set.

Furthermore, no matter how private you have set them to, if you friend someone who you don’t know (like that human resource officer), they see what’s “private” and anyone on the “inside” can easily replicate anything you post to the world.

The activist groups waging what amounts to an undeclared war against the social-networking site for the last year, complete with no fewer than three letters to federal regulators claiming Facebook’s actions are illegal, said that they’re hardly ready to declare a truce.

Attacks targeting Facebook users will continue, and they could easily become even more dangerous. Computerworld reports, “There are limitations to what Facebook can do to stop this,” said Patrik Runald, a U.K.-based researcher for Websense Security Labs. “I wouldn’t be surprised to see another attack this weekend. Clearly, they work.”

Websense has identified more than 100 variations of the same Facebook attack app used in the two attacks, all identical except for the API keys that Facebook requires.

What does this mean to you?

For crying out loud stop telling the world you hate your boss, neighbor, students’ teachers, or spouse and you’d like to boil a bunny on the stove to teach them a lesson. I guarantee even if you are kidding, someone won’t like it. What you say/do/post, lasts forever.

Stop playing the stupid 3rd party games. When you answer “25 questions about whatever” that data goes straight into the hands of some entity that you would never have volunteered it to.

Make sure your PC is secured. Keep your operating system up to date with security patches and anti-virus and don’t download anything from any email you receive or click links in the body of any email. Once you start messing with these files you become a Petri dish spreading a virus.

Robert Siciliano personal security expert to Home Security Source discussing Facebook scams on CNN.

Beware of Facebook Dangers

Robert Siciliano Identity Theft Expert

Danger!! How’s that for a blog title that screams fear, uncertainty and doubt!? Fact is, Facebook boasts 400 million users, in so many ways seems out of the control of its founder, and is looking dangerous. This is a company that has grown faster than fast and has a (very intelligent) 20-something CEO just out of puberty calling the shots. It seems the amount they (his Board? CIO?) let him run at the mouth that privacy is no big deal shows an immature lack of control over this operation. Any company that wields this much power needs to be checked and balanced.

Their growing pains are publicly played out in numerous lawsuits and visceral rants by every possible pundit (like me) and privacy professional on the block.

Sure, when you are that big there will always be someone who wants to take you down. But every week there is a new story about a security breach or a privacy violation. That tells me it’s more than growing pains or jealousy. There are serious management problems there resulting in reputation issues for the company and, for the user, security issues.

DANGER, DANGER!

The 3rd party applications in the form of games and quizzes are sharing data that’s not meant to be shared. While the user may agree to the terms of service, they aren’t reading the fine print. Is it really in Facebook’s interest to allow this?

Seems like every 2 weeks they change whatever privacy settings there are and the public gets more pissed off with each change. Why doesn’t someone inside this company have a clue what the public wants? What’s more obvious is they don’t care!

Criminals and scammers set up fake profiles of companies and individuals all day every day. These social media identity theft profiles are designed to get people to provide data for free gift cards or other offers that ultimately allow for financial fraud to occur. Is there no way they can more effectively police this?

Recently, the chat feature was made public. For a period of time users’ chats were available for anyone to see. They had to shut it down to calm the mess. How the heck does that happen? Don’t they have redundancy built in to prevent this?

Ads appearing on Facebook are sanctioned in some way by Facebook and some are malicious. When clicked they can infect your PC. You would think that a private company worth billions would have systems in place to prevent its users from getting hacked via ads placed on their own servers?

So now that I’m done throwing up, protect your identity. Because when it gets hacked on Facebook, don’t say I didn’t warn you.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Facebook Hackers on CNN.

Watching Out For Criminal Hacks

Robert Siciliano Identity Theft Expert

We use the web to search out tons of information, to shop online and to connect with friends and family. And in the process criminals are trying to whack us over the head and steal from us. And they’ve become very proficient at their craft, while most computer users know as much about protecting themselves today as they did 15 years ago. Which equates to not so much.

Back in the day, a person only had to know not to open a file in an attachment from someone they didn’t know. Maybe even not opening one from someone they knew and making a phone call first. Today there are more ways than ever that your PC can be hijacked.

Today you can simply visit a website thinking you are safe, but the bad guy was there before you and injected code into the site, and now it infects your outdated browser. That’s a “drive by” and it’s very common today. Here is a list of likely attacks occurring every day.

Fundamentals:

Update your browser. Internet Explorer and Firefox are the most exploited browsers. Whenever there is an update to these browsers take advantage of it. Keep the default settings and don’t go to the bowels of the web where a virus is most likely to be. Consider the Google Chrome browser as it’s currently less of a target.

Update your operating system. No matter what brand of computer you are on you have to update the critical security patches for your Windows operating system. Microsoft will no longer support Windows XP after 2014, so start thinking about upgrading to Windows 7 (which is pretty sweet). Go to Windows Update. Why anyone would keep XP running unless they had to is a mystery to me. It’s a dog who has been kicked too many times.

Update Adobe Reader and Flash. Adobe PDFs and Flash Player are ubiquitous on almost every PC, which makes them a prime target for criminals. To update Reader go to Help then Check for Updates. To update Flash go here.

Don’t be suckered into scareware. A popup launches and it looks like a window on your PC. Next thing a scan begins. The scan tells you that a virus has infected your PC. And for $49.95 you can download software that magically appears just in time to save the day. Studies show that organized criminals are earning $10,000.00 a day from scareware. That’s approximately 200 people a day getting nabbed. Some “distributors” have been estimated to make as much as $5 million a year. Just shut down your browser and do a scan with your existing anti-virus. Then update your browser because it’s probably outdated, which is why you saw scareware in the first place.

Beware of social media scams. Numerous Twitter (and Facebook) accounts including those of President Obama, Britney Spears, Fox News and others were taken over and used to make fun of, ridicule, harass or commit fraud. Often these hacks may occur via phishing email. Worms infiltrating Twitter requesting to click on links would infect users’ accounts and begin to multiply the message. Then your followers and their followers would get it, causing more grief than anything else.

Invest in social media protection @ Knowem.com

Robert Siciliano identity theft speaker discussing social media identity theft on CNN

Facebook’s New (and only) Security Feature

Identity Theft Expert Robert Siciliano

So maybe you used a public PC to log into your Facebook account and you hit a button that saved your login credentials. Or maybe you received an email from what you thought was Facebook and you plugged in your username and password and got phished. Now someone other than you has your account information and they are logging in to torture you or steal from your friends.

Wouldn’t it be nice to have a degree of control over that?

Facebook just introduced a security setting that sends you an email telling you someone has just logged into your account.

The feature doesn’t protect you from being stupid and giving your credentials away, but it does give you an opportunity to log into your account and change the password and thereby block the bad guy from getting back in. But the bad guy can change your login information too. All they have to do is change your email address. Once they do they receive an email at the new address and hit a confirm link. At the same time you will also get an email to the original login email giving you the opportunity to dispute the new account number. So if this ever happens, act quickly.

To set up and enable notifications:

1. Go to “Account” in the upper right-hand corner.

2. In the drop-down menu, go to “Account Settings”.

3. In the main menu, go to “Account Security”.

4. Click “Yes” next to “Would you like to receive notifications from new devices”.

5. The same can be done with text messages if you have your mobile plugged into Facebook. But don’t have your mobile displayed on your page publicly.

6. Log out, then log back in, and it will ask you to identify the computer.

I did this on 2 PCs and a phone. It didn’t ask me to identify the phone, but it did send me an email:

Your Facebook account was accessed using Facebook (Today at 8:36am).

If this happened without your permission, please change your password immediately.

If this was an authorized login, please ignore this email.

To change your password:

1. Log in to your Facebook account.
2. Click the Account tab at the top of the screen and select “Account Settings” from the drop-down menu.
3. Scroll to the Password section of the Account Settings page.
4. Click the “change” link on the right and follow the instructions.

Thanks,
The Facebook Team

Hey Facebook, after 400 million users you are just getting around to this? It’s a start.

Robert Siciliano Identity Theft Speaker discussing Facebook Hackers on CNN.

Want Privacy? On Facebook? Shut Up!

Identity Theft Expert Robert Siciliano

There seems to be a groundswell of people who are anti-Facebook today.

Google “Facebook” and “Privacy” and 761,000,000, that’s seven hundred and sixty-one million results come up in a quarter second. WHY? BECAUSE THERE IS AN OBVIOUS ISSUE WITH FACEBOOK AND PRIVACY. The major issue here is not that Facebook isn’t private, it’s that some people want it to be private and it’s not and they can’t have their cake and eat it too. Privacy has always been a hotbed media grabbing issue that sells news too, so the few privacy pundits that there are, get all this attention by pointing the finger.

Mark Zuckerberg, Facebook’s head dude, said “people have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people.” Then he went on to say “that social norm is just something that has evolved over time.”

Nick Bilton, a New York Times writer, interviewed a Facebook employee and shortly after tweeted, “Off record chat w/ Facebook employee. Me: How does Zuck feel about privacy? Response: [laughter] He doesn’t believe in it.”

So if the head of an organization is telling you straight out, privacy isn’t really a concern, then why expect anything different? If you are about to book a cruise and you are told the captain of the ship likes to drink A LOT and he has a habit of hitting icebergs, would you get on the ship? If you don’t like the way things are done at Facebook either shut up or delete your profile.

I personally have no hard feelings towards Facebook, I also don’t share intimate details of my life and I understand the implications of the service. My angst is towards its users who say and do things that make themselves vulnerable to crime and online reputational disasters. Like Howard Stern’s dad used to say to him “I told you not to be stupid you moron.”

And now that politicians are stepping in and making a fuss, Facebook is now the new privacy battle ground. These same politicians won’t do anything or accomplish anything. They just love the attention. And with 400 million people on board, I think privacy is deader than dead, a rotting corpse that just smells bad and we will complain as long as the stink lingers. Openness and transparency along with sharing too much information is the norm. But that doesn’t exclude you from at least understanding the risks, taking some responsibility and being smart about how to use it.

Protect yourself:

Use URL decoding. Before clicking on shortened URLs, find out where they lead by pasting them into a URL lengthening service like TinyURL Decoder or Untiny.

Maintain updated security. Whether hardware or software, anti-virus or critical security patches, make sure you are up to date.

Lock down settings. Most social networks have privacy settings that need to be administered to the highest level. Default settings generally leave your networks wide open for attack.

Register company name and all your officers at every social media site. You can do this manually or by using a very cost effective service called Knowem.com.

Protect your identity.

Robert Siciliano Identity Theft Speaker discussing Social Media on Fox Boston.

A Great Way to Ruin an Online Reputation

I’m all about transparency. But that’s just me. Not everyone is so forthright. Most people prefer to fly a click or more below the radar and never have a light shine on them. I prefer to make sure what’s being said, is said by me and not some troll. My brother used to say “the worst thing that can happen to a person is to end up on one of those stupid talk shows.” Then I proceeded to do every talk show including Howard Stern. But that’s just me.

My only regret was doing the Maury Povich show. That guy just played me and took advantage of me and used me as a pawn on his show. He would ask the audience leading questions adverse to my sound advice and continually allow the stupidest person in the room to answer. Controversy is fine, but bad, potentially deadly advice isn’t.

My point in all this? Things are heading in a direction that if you aren’t transparent, if you aren’t doing things to boost your credibility, if you aren’t “open” and someone decides to use the internet to slam you, then they automatically have the upper-hand. Today a person has less control over what is said about them than ever.

Unvarnished is a new website, in beta; you need to be invited. Users connect with Facebook. PC World seems to allude to anonymous posting on Unvarnished that can only happen if someone fakes a Facebook profile. Anything in the form of anonymous posting doesn’t benefit the common good.

For example, when I read the comments in newspapers or blogs, I often see people throwing up all over everyone and saying the meanest, rudest and most hateful things. These cowards can easily do this anonymously. But none of them have the nerve to assign their actual name to it.

PC World reports Unvarnished functions like other social networking sites–especially the popular professional social networking site, LinkedIn. Users can create a profile with their resume and work information, and request reviews from their professional colleagues. The difference, of course, is that users can also “create” a profile for non-Unvarnished users–if you, say, want to leave a review of that shoddy intern from two summers ago and he/she doesn’t have a profile–no worries, you can still leave the review. Shoddy intern can then claim said profile later, if he/she so desires.

The best way to gain more control over this kind of site is to set up your own profile. It’s a start. Then build positive commentary. Another tool for online reputation management is to go to Knowem.com and grab up all the social media sites and get your name.

And protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Facebook Hackers on CNN.

Scammers Bait 40,000 Facebook Victims with Ikea Gift Card

Robert Siciliano Identity Theft Expert

It’s just a matter of setting up a fake Facebook page and marketing it to a few people who then send it to their friends and it goes somewhat viral. The Ikea scam hooked 40,000 unsuspecting victims with the promise of a $1,000 gift card.

PC World reports: In the past months, fan pages have popped up all over the social networking site, offering too-good-to-be-true gift cards. There’s the $500 Whole Foods card, the $10 Walmart offer, and the $1,000 Ikea gift card. The Ikea page put these gift card scams on the map last month, when it quickly racked up more than 70,000 fans before being snuffed. Facebook has also taken down Target and iTunes gift card scam pages in the past few months.

To get the gift card the users must enter names, address and email address. They are then pointed to other pages where real products and services are offered. From there they enter credit card details if the offer appeals to them.

This scam is believed to be perpetrated by affiliate marketers who make money on click-throughs and create a ruse to gather data on potential customers, also known as a “sucker list.”

In general, there shouldn’t be any traditional identity theft as it relates to new account fraud as long as requests aren’t being made for Social Security numbers, and the “victim” isn’t giving one out. Otherwise I don’t see this scam as harmful, but it is certainly deceptive.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Facebook Hackers on CNN.