Facebook Apps Leaking Your Information
A report was recently published claiming that nearly 100,000 Facebook apps have been leaking access codes belonging to millions of users’ profiles. Symantec released the report and said that an app security flaw may have given apps and other third parties access to users’ profiles. Facebook maintains that they have no evidence of this occurring.
In their report, Symantec wrote:
We estimate that as of April 2011, close to 100,000 applications were enabling this leakage. We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties.
These “access tokens” help apps interact with your profile.They are most often used to post updates from the application to your wall. When you add the applications to your profile you, as the Facebook user, is giving the apps access to your information by accepting their conditions. According to the investigation, these tokens were included in URLs sent to the application host and were then sent to advertisers and analytics platforms. If the recipient recognized the codes (meaning they have to be qualified to read and write HTML code), they could gain access to the user’s wall’s and profile.
Facebook Nigerian Scam Costs Victim $300,000+
At this point, we are all pretty used to the classic Nigerian Scam. Someone who is recently wealthy needs your help to gain access to the funds. They will let you keep $1 million if you will simply send them your bank account number so he can transfer $30 million to you. Its a dream come true to most!
What happens when that same scam is used on Facebook by one of your friends, by someone you trust? The results can be disastrous. One woman was scammed out of $366,000 because she felt sorry for the scammer’s sob story. The woman contacted the local authorities after realizing she had been conned by her Facebook “friend”. Police arrested six male suspects in Kepong, all allegedly connected to the Facebook scam: two Nigerians, two Bangladeshis, and two Malaysians. Investigators only managed to recover $5,000 in cash of the victim’s money, although they also seized 18 ATM cards, seven cell phones, and a laptop.
At least in this case the men were apprehended. In most scams of this nature there is no chance of finding the scammers and the money is long gone. Even when one of your Facebook friends asks you for something (money, help, information), your first reaction should be healthy skepticism. Verify that what they are saying is true (call them before sending money). Often times, a thief will take over a friend’s account or create a false account in order to gain your trust and eventually, your money.
5 Steps to Avoid Facebook Destruction in Business
How should my business balance the risks of social media with the rewards of this increasingly dominant and highly profitable marketing medium? That’s the very insightful question that a CEO asked me during a presentation I gave on information leadership for a Vistage CEO conference.
Think of your move into social media (Facebook/Fan/Business Pages, LinkedIn, Twitter, YouTube, etc.) like you would approach the task of helping your fifteen-year-old daughter prepare to drive on her own. You love her more than anything on earth and would do anything for her (just like you will go to great lengths grow your business), but that doesn’t mean you just hand her the keys. Trying to forbid or ignore the movement into social marketing is like telling your teen that they can’t get their license. It isn’t going to happen, so you might consider putting down the denial and controlling those pieces of change that are within your power. The task is to maximize the positives of her newly bestowed freedom while minimizing any negatives; the same is true in social media.
Here’s a simple plan to follow that will help keep you safe and productive:
How to Change Your Facebook Password
A close friend of mine just had his Facebook account taken over and used for pretty nasty things, so… this is just a quick reminder to change your Facebook password frequently for added security. If you have been a member for years, like most people, and have not ever changed your password, I recommend you do so right now (don’t wait, you’ll never do it later).
On a site like Facebook that houses so much of your personal reputation and information, it is good to keep passwords new and difficult to hack. We see people’s Facebook profiles get hacked every day from clicking on malware and phishing schemes – and once they have your Facebook password, they probably have the same password you use on other accounts. Changing your password frequently, as simple as it sounds, is an easy way to avoid some of the privacy problems posed by Facebook. Once you are logged in, visit your Account Settings Page. On the first page next to Password click change.
Now that you are in your Account Settings, spend a minute clicking around to explore some of your other settings. While changing your password doesn’t solve all of your security issues, it will help you feel a bit safer on the social networking giant!
Facebook Can Use Your Photos in Their Ads Without Permission
Did you know that Facebook can use photos you post on the site in advertisements targeted on the right (advertising) side of your contact’s profile?
Unless you customize your privacy settings, Facebook can share just about anything you post with just about everyone. Using your intellectual property for their financial gain is not a new Facebook issue, but one that should be revisited due to recent Facebook Privacy changes. Here’s the funny part: you gave Facebook the right to use any of your content in any way they see fit when you signed up for your account and didn’t read the user agreement. If you visit the Facebook Statement of Rights page you will see the following:
You own all of the content and information you post on Facebook, and you can control how it is shared through your privacy and application settings. In addition:
- For content that is covered by intellectual property rights, like photos and videos (“IP content”), you specifically give us the following permission, subject to your privacy and application settings: you grant us a non-exclusive, transferable, sub-licensable, royalty-free,
worldwide license to use any IP content that you post on or in connection with Facebook (“IP License”). This IP License ends when you delete your IP content or your account unless your content has been shared with others, and they have not deleted it.
2010 Identity Theft Statistics Released
The 2011 Identity Fraud Survey Report by Javelin was just released, and it shows new trends in identity theft. While the report states that identity theft cases have decreased overall, it is costing consumers more time and money. The good news is that the drive to increase awareness about identity theft is working.
Meanwhile, consumer costs, the average out-of-pocket dollar amount victims pay, increased, reversing a downward trend in recent years. This increase can be attributed to new account fraud, which showed longer periods of misuse and detection and therefore more dollar losses associated with it than any other type of fraud. – Javelin Strategy & Research
The cost to resolve identity fraud issues rose dramatically in 2010 because there was a change in the type of fraud that was being committed. New Account fraud is on the rise and this is the hardest type to detect and costs the victim the most. The majority of thieves who use friendly fraud, where they target friends and relatives they know, are able to do a lot of damage by setting up new accounts in the victim’s name. Since the victim has no idea that they are a victim, they can continue to use their identity longer, which racks up more financial theft. 
Facebook Safety: New HTTPS Facebook Settings
Facebook has announced that they will be rolling out a new security feature that will add full HTTPS support to the site. The new secure site uses the same underlying technology that banks use to keep your communications out of the reach of potential hackers. While many people don’t have this feature yet and mine just showed up today, eventually all users should have the capability.
To enable HTTPS, log into your Facebook account and at the top right go into Account -> Account Settings.
Once there, scroll all the way to the bottom and click “change” next to Account Security.
The following screen should pop up. Check the box under Secure Browsing. You can also check “send me an email” (or a text message to your cell phone, which I don’t advise giving to Facebook) so that if someone tries to log into your account from a new computer, Facebook will immediately alert you. This is a good way to find out fast if your account has been hacked.
Facebook rolled out these secure settings to make Facebook seem safer, but like many of their security changes, they are turned off by default. You must go in and manually change the feature to gain the added security.
Sileo In the Media
Privacy Project Newsletter
Tools and tips for bulletproofing yourself against identity theft, data breach and corporate espionage. Subscribe to the newsletter and get John Sileo's 7 Survival Strategies for Starving Data Spies for FREE!
