Antisocial predators can wreak havoc on social networking sites
With more than 750 million active users, Facebook offers plenty of opportunity for personal and professional interaction. But there are bound to be a few bad actors. CU’s Office of Information Security offers these tips for avoiding scams that can take place on the social networking site.
Impersonation
Ever since that pesky wolf donned the sheep’s clothing, none of us Facebook users can be safe. How can you ever be certain that the friend request you got from your old high school sweetheart is really from him or her? Facebook scammers rely on the tendency of users to accept requests without verifying who the person really is. There are a few reasons why we do this. First, we’re lazy. It’s a lot of work to follow up on that request – especially since the only way to really verify that request is through out-of-band communications. Second, we don’t want to be rude. Just because I don’t know exactly who you are doesn’t mean I don’t want to be your friend (see “social compliance” below). And third, we don’t always understand the consequences of accepting fake friend requests – so what’s the big deal?
Facebook scammers may have one or more of these possible motives for becoming your “friend.” Maybe they are trying to gain your trust so they can send you a plea for money (“Please help! I’m backpacking in Europe and was mugged! Please send me $1,000 so I can get home!”). Maybe they’re stalking you – do you really want to share your “places” with people you don’t really know? The most likely scenario is that they want to send you spam or get you to click on a link to a website that hosts malware. Having access to your friend list is also very enticing to a spammer. Maybe they are trying to steal your identity by getting you to fill out a form online with your personal information. Speaking of phishing…
Phishing
Identity theft equals money to these bad actors. According to Symantec’s Global Internet Security Threat Report, the bad guys make up to $30 per credit card number, up to $850 per bank account username and password, and up to $20 per Social Security number (including name and birthdate). If a scammer can get a phishing message out to just 1 percent of Facebook users and if just 1 percent of them fall victim to the scam, that could potentially net him/her $1.5 million for credit card numbers. But how do they get us to give up that information? The scammer may have set up a rogue application or game that you have to pay for or give them access to your information to use.
Clickjacking (likejacking) and social compliance
There are some very convincing campaigns these days to get users to follow links, especially on Facebook. Scammers know how to use our morbid curiosities against us. The latest scam reported on the Sophos nakedsecurity social network blog is an “I lost all respect for Emma Watson when I seen this video! Outrageous!” scam. Posts like that are spreading through social networking sites with juicy enough titles that we just can’t resist clicking on them. Besides, don’t you really want to know why my good friend has lost all respect for this celeb? Scammers have found another weakness in our personalities – our need to fit in and be “in the know.” Instead of watching an outrageous video, you download a virus and the scam is then posted on your wall for all your friends to click on, too. This method of propagation has come to be called “clickjacking” or “likejacking” in the IT security community.
Scare tactics
You may have noticed the common thread among these scams is trust. Scammers need your trust in order to get your information. A bad guy may get you to click on a link by impersonating someone you know or getting the trust of one of your friends who will pass the link on to you. Scare tactics are another way that scammers get you to trust them. If you got an email in your inbox that said, “I thought you should know that I saw a naked picture of you on Facebook – here’s the link,” you would probably be scared enough to click on the link.
So what do we do?
Reading this article is a good start. Understanding how scammers are trying to take advantage of you will help you recognize the scam so you can avoid it before it becomes a problem. Also, take care in the information you share and the people you trust when using social networking sites. Here are some “actionable” safety tips for securing your Facebook profile:
- Adjust your privacy settings – Facebook provides extensive privacy settings so that you can granularly control the information you share. Take advantage of the friends lists, too. Being able to group friends will help you separate your personal and work life. To find out more, check out the guide to privacy on Facebook: https://www.facebook.com/privacy/explanation.php
- Set up secure browsing – Make sure the eavesdroppers can’t get your login information by turning on the “Browse Facebook on a secure connection (https) whenever possible” option. This setting is available by going to Account -> Account Settings -> Account Security and expanding the options by clicking the “change” link.
- Set up login alerts – Know when your account has been logged into from a computer you don’t normally use. This setting is available by going to Account -> Account Settings -> Account Security and expanding the options by clicking the “change” link.