You’d think that with Facebook’s new granular / master switch type privacy and security settings you could finally let your guard down and enjoy Facebook free from worries about scammers, identity thieves and cyber criminals… WRONG..
Keep in mind that the more information made available by default to the public, the higher your risk of being targeted by cyber criminals and scammers is.
In fact, in some ways, you are even more at risk from being scammed because of these new features. Moreover, there are still many privacy and security issues that Facebook hasn’t managed to address yet.
Below are some examples:
1. Facebook’s Default Privacy and Security Settings
There have been complaints in the past that every time Facebook redesigns the site or integrates some changes, all the privacy settings are reverted back to default. This puts Facebook users at risk because some of the information they have made private is made public and accessible to everyone.
Worse, Facebook users aren’t even warned that their information has been made public. True Facebook usually puts out a bulletin that changes have been made to the site but its usually up to the users to discover [through their friends or network] that some of their previously private information is viewable by the public. For this time span, which could be hours for some and more than a week for those who don’t use Facebook that much, users are more at risk from cybercriminals and scammers getting their info.
A grandmother was recently scammed out of thousands of dollars because someone told her that her grandchild was in jail and she had to send bail money – the scammer profiled their relationship through conversations on her Facebook wall.
2. Opt in Rather Than Opt Out Security/Privacy
There have also been complaints about Facebook’s standard and recommended settings as being too lax. Take for example the instant personalization feature wherein partner sites are given your information – this is activated on the default and recommended settings and if you want it turned off, you’ll have to access the customize settings page. Having this on at default settings is alarming especially in light of the recent Yelp [a partner site of Facebook] security breach.
Another dangerous default and recommended setting is giving your friends’ applications access to your data through the ‘info accessible through your friends’ option. This should’ve been deactivated at default and recommended settings as leaving it on is much like a MAD [mutually assured destruction] treaty between friends should one account be compromised.
Yet another example is the fact that Facebook profiles are searchable by search engines and Facebook search by default. 171 million Facebook profiles were recently mined for public information and posted on a torrent site by a security expert all because of this default setting.
Many security experts are alarmed at this opt in rather than opt out privacy/security settings as this means that Facebook users who are not tech-savvy are at higher security/privacy risk by default.
3. Automatic Posting of Recent Activity
Along with Facebook’s recent overhaul of security/privacy options is the removal of users control over the posting of recent activity on their wall. This means that if you’ve ‘liked’ a page, a comment, a photo, a video, a group, etc, this activity will be automatically posted on your wall. On a personal level, this is already an uncomfortable position to be in because it gives too much visibility to your Facebook activities by automatic posting on your friends’ walls.
This also makes it easy for people to track your every Facebook move and comments and it makes identity theft a lot easier too as cybercriminals can now very easily profile you according to what you post on other pages, what your interests are and the friends you usually interact with.
A growing number of Facebook users are falling victim to the ‘friend in need/friend stranded in another country’ scam which is made possible having the friend’s list public by default and because of the visibility of user’s recent activity.
Lastly, the automatic posting of recent activity also makes it easier for Facebook scams and like jacking to spread. A friend falls victim to a mobile phone subscription scam by liking a group or clicking on a link, the activity is automatically posted on their friends’ newsfeeds thus putting his or her own network at risk.
4. No User Controls for News Feed [Top news]
There have been complaints too about the lack of user controls over the news feed shown in the homepage. Taken along with the automatic posting of recent activity, this is also a venue for spreading scams and malware as users cannot separate top news from friends according to their lists, pages and groups.
5. Friend Finder
Facebook’s friend finder option gives you the option to connect with more friends by pulling data from your email address and suggesting them to you. This is all well and good if your email contacts are limited to your friends only. Facebook users are complaining though that this feature is suggesting ‘friends’ that are of no relation to them. Take for example the eBay seller you’ve bought your Xbox from more than 2 years ago.
Hand in hand with Facebook’s find more friends button which also pulls information from your email, these features makes it very easy for undiscerning users to connect with people they don’t really know or trust in real life and this is a big security risk.
6. Games Format Encourages the Adding Of Friends Users Do Not Know
It’s very interesting to note that most Facebook games seem to be against privacy and security as they encourage users to connect with a lot of people they don’t really know. Remember that unless you create special lists for these people and unless you set the corresponding privacy levels, which are time consuming and a bit complicated to do by the way, having all these people who don’t know gain access to sensitive personal information is a very dangerous thing to do.
Farmville for example encourages this by making level ups easier by having more Farmville neighbors, same goes to Mafia Wars and Café World.
7. Rogue Applications
A quiz that takes you scam page, a poll that signs you up for mobile subscriptions without your knowledge, applications that automatically post on your wall, applications that mines your data and sells these to 3rd party lead generation services or advertisers, these and more prey on the unwary users everyday because Facebook cannot efficiently police its army of 3rd party application developers.
Aside from Facebook’s sandbox for new applications as well as its infrequent investigations on highly controversial apps, there is essentially nothing standing between Facebook users and rogue applications that may deliver malware, abuse user data or promote Facebook scams.
A recent example of this is the the ‘I will never text again after seeing this’ video Facebook scam that spread through a rogue application that reports the scam message on its victim’s walls. The link directs victims to a quiz page where they are unknowingly made to subscribe to a $10/month service. More than 170,000 Facebook users have fallen victim to this.
8. Rogue Ads
Much like rogue Facebook apps, rogue ads are also a growing menace to Facebook users. Because of Facebook’s inability to screen all the ads that gets into the network, some ads with embedded malicious codes are getting through. An example of this is the antivirus ad that showed in 9.6 Million Farmtown players’ screens urging them to download an antivirus program that had a virus in it.
9. Fake Facebook Profiles
A study 2 years ago revealed that as much as 40% of all Facebook profiles are fake and are created by bots or by impostors. This is a big risk to Facebook users especially those who are indiscriminate in adding friends and posting sensitive matters in their walls such as the schedule for their vacation.
10. Deleting and Deactivating Accounts
A few users know this but Facebook doesn’t erase your data when you deactivate your account. This means that even after you quit Facebook, the company can still use or sell your information to 3rd party advertisers, etc.
Up until now, there isn’t a visible button in totally deleting your account. To do this, Facebook users must look for the link in Facebook’s help section, submit a request and wait for 14 days or more before their account is deleted. Some Facebook users have been given this feature in the company’s recent experiments in additional Facebook features but it is unclear whether this will be incorporated into he mainstream.
Of course, aside from all the above mentioned privacy and security issues with Facebook, there’s still the occasional bugs and programming loopholes that rears its head from time to time. A classic example of this is the recent Facebook bug that TechCrunch stumbled upon where users can view their friend’s live chat with other users in real time.
Add this to the also recent Verisign’s iDefense alert that 1.5 Million Facebook usernames and passwords are being sold by a hacker for $25 – $45 each and you realize that Facebook could be a very dangerous place indeed.
The internet is really the new frontier. And just like the wild, wild west, it’s a free for all between the good guys and the bad guys with ordinary people caught in between. Facebook is no different. The best we can do is to circle the wagons and protect each other as best as we can.
Please join our scam alert community in Facebook and help spread the word about trending Facebook scams.