Tag Archive for: social networking

7 Security Secrets of Social Networking

On the surface, social networking is like a worldwide cocktail party—full of new friends, fascinating places and tasty apps. Resisting the urge to drink from the endless fountain of information is nearly impossible because everyone else is doing it—connecting is often advantageous for professional reasons, it’s trendy and, unchecked, it can be dangerous.

Beneath the surface of the social networking cocktail party lives a painful data-exposure hangover for the average business. Sites like Facebook and Twitter are now the preferred tool for malware delivery, phishing, and “friends-in-distress” scams while more business oriented sites, like LinkedIn, allow for easy corporate espionage and the manipulation of your employees.

To avoid the cocktail party altogether is both impractical and naïve—the benefits of social networking outweigh the dangers—but applying discretion and wisdom to your social strategy makes for smart business. Follow these 7 Security Secrets of Social Networking to begin locking down your sensitive data.

  1. On social networks, possession is ten-tenths of the law.When you put your business’s information on a social network, you have forfeited your exclusive right to that information. Unlike a physical asset, information can be simultaneously recreated, stored and accessed by unlimited users at any one time, allowing it to flow like water through your fingers. Additionally, there are very few laws governing the ownership of information once it leaves your office (e.g., goes into the cloud), leaving you no legal precedence for winning back your privacy. On a personal level, for example, when you populate your Facebook profile with a birthdate, it is sold to advertisers along with your demographics, “Likes” and a map of your friend network. Similarly, in the business world, the minute you establish a Facebook page and begin to attract “fans” or a Twitter page for followers, you’ve just centralized and publicized your customer list for competitors. Solution: Create a strategic plan before you expose your intellectual property. Prior to going live with a corporate social networking profile or sharing your next post, think through how much sensitive information you are sharing, and with whom. Unlike a traditional website, social networks connect human beings, some of whom want to map your organizational structure, track your marketing initiatives, hire your star employees, breach your systems, poach your fan list or steal sensitive intellectual capital. It is imperative that you: 1. Create a strategic social networking plan that 2. Defines what information can and should be shared by executives and employees on Facebook, Twitter, LinkedIn, etc. 3. Consider using social media to attract new prospects rather than creating a following of existing (and poachable) clients. 4. Populate your profile with only publicly available, marketing-based data. 5. Keep personal comments for personal pages, as they have no place at work. 6. Don’t rely on a policy to communicate your intentions and requirements surrounding social media. The most successful companies build a culture of privacy through an interactive process that allows the entire team to co-create a solution.
  2. Lack of education, not technology, is the greatest source of risk. It’s easy to blame our data privacy woes on technology. At the heart of every security failure (technological or otherwise), is a poor human decision, generally due to a lack of awareness. For instance, an employee, not a machine, decides to spend their lunch break using their work computer to post on personal social networking sites. In many cases, they do so because the business has not established guidelines for these scenarios, nor have they educated them on the risks. For example, most employees don’t understand that more than 30% of all malware is delivered to corporate computers via social spam through personalsocial networking use conducted on work computers. Solution: Educate your team as individuals first, employees second. The most effective way to change a human being is to appeal to them emotionally, not intellectually. Most of us are more emotionally connected to our personal lives than to our jobs. Consequently, by motivating your employees to protect their own social networking profiles first (and their kids’), you are not only lowering the malware and fraud that they introduce into your computers through lunchtime surfing, you are also giving them the framework and language to protect the company’s social networking efforts. Be sure to: 1. Break the training down into bite-sized, single topic morsels that won’t overwhelm or discourage employees. 2. Allow employees to spend a few moments applying the fixes you’ve just given them. 3. Once they’ve made the changes personally, reconvene and discuss what it all has to do with your organization’s social networking strategy. They will return to the learning table with emotional buy-in and awareness. Strategies Three and Five (below) are examples of this bite-sized, personal to professional adaptation process.
  3. Most social networking risks are old scams with new twists.During a lunch break at work, you receive a Facebook post that seems like it’s from a friend. It’s impossible not to click, enticing you with captions like, “check out what our old high school friend does for a living now!” Seemingly harmless, you click on a video, a coupon, or a link to win a FREE iPad and presto, you’ve just infected your computer with malware that allows cyber thieves full access into your company network. You’ve been tricked by a repackaged version of the virus-delivering-spam-emails of five years ago. Spam has officially moved into the world of social media (thus, social spam), and is now responsible for 30% of all viruses, spyware and botnets that infect our computers. Solution: Discuss social spam self defense at your next team meeting. It’s amazing how quickly people detect social spam once they’ve been warned! After all, they’ve seen it all before disguised in other forms. In addition to giving employees visual examples of social spam, click-jacking and like-jacking, make sure that they are equipped with the following knowledge: 1. If an offer in a social networking post is too enticing, too good to be true, too bad to be real or just doesn’t feel right, don’t click! 2. If you do click and aren’t taken directly to the site you expected, make sure you never click a second time, as this gives cyber thieves the ability to download malware onto your system. 3. Deny social media account takeover by using strong alphanumeric passwords that are different for every site and that you change frequently. 4. Account takeover is easy for criminals, which means that not all “friends” are who they say they are. If you suspect foul play, call your contact and verify their post. 5. Make sure that you protect your business with the latest cyber security and anti-theft prevention tools available. I will discuss these in the next strategy.
  4. Cyber thieves follow the path of least resistance by looking for open doors. Data thieves aren’t interested in delivering malware to just anybusiness (using social networking as their primary delivery device); they specifically target organizations that have done the least to protect their computers, networks, mobile devices, Wi-Fi and Internet connection. Why burgle a house with deadbolts and an alarm when you can attack the home down the street that left the front door wide open? In business, the “open door” usually comes in the form of poor computer security. Solution: Create a Path of Strategically Elevated Resistance. Thieves get discouraged (and move on to other victims) when you put roadblocks in their way. Keeping your network security up-to-date is the smartest way to quickly and effectively elevate your defenses against cybercrime. Follow these simple steps: 1. Hire a professional to conduct a security assessment on your network; the investment will pay for itself hundreds of times over. During the assessment and follow-up process, make sure that the IT professional: 2. Installs a security suite like McAfee on every computer, including mobile devices that travel, 3. Sets up your operating system and critical software for automatic security updates, 4. Enables and configures a firewall to block incoming cyber criminals, and 5. Configures your Wi-Fi network with WPA2+ encryption. To cover all of your bases, make sure that 6. You are prepared for a breach if it does happen. Deluxe, in partnership with EZShield, provides state-of-the-art identity protection and recovery services for businesses. It’s like health insurance for your information assets.
  5. Data criminals systematically exploit our defaults. Another way to create a path of strategically elevated resistance is to take away the “broadcast” nature of social networking exploited by thieves and competitors. Instead of inviting everyone to your cocktail party, only allow people you know and trust. When users set up a new social networking profile, the tendency is to accept the “default” account settings. For example, when you establish a Facebook account, by default, your name, birthdate, photo, hometown, friend list and every post you makeare available to more than one billion people. Solution: Change your defaults! It only takes minutes to modify every Privacy and Security setting offered by a social network. On a personal level, 1. Consider limiting who can view your hometown, friend list, family, religious affiliation and interests to Friends Only or even Only Me and 2. Disallow Google to index and share your profile on its search engine. Businesses will want to 3. Leave the indexing feature On to maximize search engine traffic. 4. Post updates to categories of friends (friend groups), not to the entire world. This isn’t only safer personally, it also makes for more targeted and appreciated customer service. 5. Make sure to update your defaults regularly, as social networking sites tend to make frequent changes. Many businesses with Facebook Fan Pages, for example, have not updated their profile in accordance with Timeline, meaning that their page is outdated and unprofessional.
  6. Social engineers mine social networks to build trust and exert influence. The greatest social networking threat inside of your organization isn’t malware or information scraping. Your greatest risk comes from a data spy’s ability to get to know youand your co-workers through your online footprint. Social engineering is the art of manipulating data out of you using emotional triggers such as similarity, likeability, fear of offending, authority, etc. A social engineer’s greatest tool of deception is to gain your trust, which is easy once they know your likes, friends and updates that you publish daily. After a month or so of cultivating what appears to be a legitimate relationship, social engineers begin to manipulate you for information. Solution: Verify, then trust. In the information economy, where data is quite literally currency, you must verify someone’s intentions and credibility before you begin to trust them. Here’s how: 1. Don’t befriend strangers; your ego wins, but you lose. 2. Before you accept a second-hand friend, verify that your existing network actually knows and trusts that person. Too many users accept friends indiscriminately, so you need to investigate their credibility before you hit the Accept button. 3. Don’t believe everything you read on social networking sites. In fact, don’t believe anything of substance until you verify it with reputable, primary sources like a national newspaper, ethical blogger or noted expert. 4. Never send money to a friend in need, download an entertaining app or give away sensitive information via social networking unless you know beyond a shadow of a doubt that the request is legitimate and that your communication is private and secure.
  7. In social networking, there are no secrets. The title of this paper was intentional – people want exclusive access to knowledge that others don’t have. We all want to know the secret, and I used that human desire in a gentle form of social engineering to get you to read the article. But in social networking, there are no secrets. The instant you hit the post button, your information becomes public, permanent and exploitable. It’s public because you have little control over how it is forwarded, accessed by others or subpoenaed by law enforcement. In the blink of an eye, your information is backed up, re-tweeted and shared with strangers. Digital DNA has no half-life; it never disappears. And as you’ve seen above, it can be used against you. Solution: Don’t just read, act! Reading is not enough; you must act on what you have read: 1. Revisit the information you over-share on your social networking profiles and remove it. 2. Modify your account privacy and security defaults so that you share only with the people you trust. 3. Educate your team from a personal perspective first and then apply it to your organization’s needs. 4. Strategically elevate your defenses by securing your computer network with software like McAfee, and recovery services like EZShield. 5. Research advanced fraud and social engineering tactics to protect yourself and your company.

Every company I’ve consulted to that has experienced a data breach wishes that they could “go back in time”. Why? Because recovery is often 10-100 times more expensive than prevention, and because data breach causes customer flight, bad press and depreciated value. Companies that prepare for the coming onslaught of social networking fraud will escape relatively unaffected. Businesses that are unprepared will suffer extensively. According to the Ponemon Institute, the average cost to a business of any size that experiences a data breach is $7.2 million, which explains why so many small businesses go bankrupt after a data loss event, as they are unable to pay the recovery costs. That gives you 7.2 million reasons pay attention.

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

College Identity Theft Speaker

I’ve got a neighbor who’s going back to college this week and reminds me that this is by far the highest risk group for identify theft and it’s for a couple of reasons.  When these kids are going off to college, it’s the first time they are getting true financial independence, which might never have been trained to handle.  They have access to credit cards, to new bank accounts, and they’re managing it themselves.  That’s a huge red flag that there’s going to be trouble.  Number two, they’re going into an environment where their stuff is not particularly protected.  They’re in a dorm room, they’ve got roommates that may need extra cash; they know they can take advantage of them.  So it’s kind of a high risk environment.  The third reason is because they do so much online.  There’s so much social media interaction and that’s where ton of information is stolen. So you need to take some of these steps that are in this blog post.  Help your students take them.  It will help them out not just this year in college but helping them build their financial future going forward.  Your identity is pretty much everything in terms of your net worth. You got to take care of it now.

John speaks professionally about social media privacy and identity theft to college students.

Facebook Can Use Your Photos in Their Ads Without Permission

Did you know that Facebook can use photos you post on the site in advertisements targeted on the right (advertising) side of your contact’s profile?

Unless you customize your privacy settings, Facebook can share just about anything you post with just about everyone. Using your intellectual property for their financial gain is not a new Facebook issue, but one that should be revisited due to recent Facebook Privacy changes. Here’s the funny part: you gave Facebook the right to use any of your content in any way they see fit when you signed up for your account and didn’t read the user agreement. If you visit the Facebook Statement of Rights page you will see the following:

You own all of the content and information you post on Facebook, and you can control how it is shared through your privacy and application settings. In addition:

  1. For content that is covered by intellectual property rights, like photos and videos (“IP content”), you specifically give us the following permission, subject to your privacy and application settings: you grant us a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook (“IP License”). This IP License ends when you delete your IP content or your account unless your content has been shared with others, and they have not deleted it.
  2. When you delete IP content, it is deleted in a manner similar to emptying the recycle bin on a computer. However, you understand that removed content may persist in backup copies for a reasonable period of time (but will not be available to others).
  3. When you use an application, your content and information is shared with the application.  We require applications to respect your privacy, and your agreement with that application will control how the application can use, store, and transfer that content and information.  (To learn more about Platform, read our Privacy Policy and Platform Page.)
  4. When you publish content or information using the “everyone” setting, it means that you are allowing everyone, including people off of Facebook, to access and use that information, and to associate it with you (i.e., your name and profile picture).
  5. We always appreciate your feedback or other suggestions about Facebook, but you understand that we may use them without any obligation to compensate you for them (just as you have no obligation to offer them).

Make sure you customize your privacy settings so that you are sharing your data at a level comfortable to you. One place you may not realize you need to check is Facebook Ads. When you visit your Account Settings page the last tab on the right is Facebook Ads. By clicking on it you can adjust your settings  — after you read their pop up on not selling your information. Where is says “Allow ads on platform pages to show my information to” and “Show my social actions in Facebook Ads to” Check No One. This gives you just a bit more control over what Facebook can share about you and your profile.

As it states above,  information you delete from your Facebook may not be permanently deleted. Just know that once something hits the internet it is there for good. Posts, pictures, videos and comments on social networking site are public, permanent and exploitable.

Facebook Reveals the End of Your Privacy | Sileo

The many changes that Facebook has been making recently have users nervous. Nervous because they are lacking the control that they once had over their privacy on the social networking site. While Facebook has never been the mecca of privacy, the recent and swift changes they are making has created more of an issue for users. One by one they are voicing their concerns with the new features and why they feel Facebook is slowly revealing the end of your privacy.

Facebook and privacy issues go hand in hand.

Here are a few of the new features; although they are snazzy, they have many users concerned.

User IDs 

With only your email address on hand, data miners can easily match it with the new user ID that has been issued to you. Basically, the ID provides your name and profile picture no matter how your privacy settings are set. This can also include your hometown, photos, friends, and more depending on how strict your settings are. This gives companies the ability to advertise to you. If you are a young female living in Austin, Texas, there are literally thousands of products that can be marketed to you just using that information alone.

Face Match or Tag Suggestions

When you are uploading photos to Facebook (as shown above), they will make “tag suggestions” of who should be tagged in your photo album. In other words, Facebook has the ability to know what you look like. This feature will be gradually rolled out over the next few weeks. In order to disable your “tagability”, you need to adjust your privacy settings. Just click ‘Customize Settings’ and de-select ‘Suggest photos of me to friends.’ Your name will no longer be suggested in photo tags, though friends can still tag you manually.

Switch Account

In a recent and unintentional Facebook leak, many users reported seeing a switch account tab. This feature gives you the ability to go back and forth between different accounts without having to log in and out. While this is easy for people who are administrators for certain pages, it is a privacy issue for users who want to have many pages in order to play out a scam.

Facebook Privacy Concerns

Facebook was built on the idea that users connect and share personal information with each other. It is up to the users to decide how much and to whom. The more you share, the stronger Facebook becomes and the easier it is to share that information with friends, strangers and advertisers.

While Facebook is consistently rolling out more features, users are having to update their privacy settings.  With so much personal information sharing, the real cost to our privacy is still unknown.

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

[youtube https://www.youtube.com/watch?v=VgwQPhpRPd0&rel=0]

Identity Theft Expert John Sileo on 60 Minutes


Achilles, an ancient Greek superhero — half human, half god — was in the business of war. His only human quality (and therefore his only exploitable weakness) was his heel, which when pierced by a Trojan arrow brought Achilles to the ground, defeated. From this Greek myth, the Achilles’ Heel has come to symbolize a
deadly weakness in spite of overall strength; a weakness that can potentially lead to downfall. As I formulated my thoughts in regard to New Zealand, I realized that the same weaknesses are almost universal — applying equally well to nations, corporations and individuals.During a recent 60 Minutes interview, I was asked off camera to name the Achilles’ heel of an entire country’s data security perspective; what exactly were the country’s greatest weaknesses. The country happened to be New Zealand, a forward-thinking nation smart enough to take preventative steps to avoid the identity theft problems we face in the States. The question was revealing, as was the metaphor they applied to the discussion.

For starters, let’s assume your business is strong, maybe even profitable in these tough economic times. In the spirit of Sun Tzu and The Art of War, you’ve dug in your forces, preparing for a lengthy battle: you’ve reduced costs, maximized your workforce, and focused on your most profitable strategies. As your competitors suffocate under market pressure, you breathe stronger as a result of the exercise. But like Achilles, your survival through adversity blinds you and even conditions you to ignore pending threats. You begin to think that your overall strength translates into an absence of weaknesses; and in general, you might be right. But Achilles didn’t die because of his overall strength, which was significant; he died because he ignored critical details. What details are you and your company ignoring?

Information, like Achilles himself, is power. And maintaining control and ownership of your information is quite possibly the most threatening Achilles’ heel any data-reliant business faces. Companies that don’t actively take control of their data are prime targets for identity theft, social engineering, data breach, corporate espionage, and social media exploitation. Regardless of your title, you have a great deal to learn from Achilles’ mistakes, and a significant opportunity to protect your own corporate heel.

Achilles 3 Fatal Mistakes and How to Avoid Them

Admit Your Vulnerabilities. Achilles forgot that he was human, failing to take inventory of his weakness in spite of superior strength. Though his faults were limited — a small tendon at the base of his foot — his failure to protect himself in the right spots proved fatal. When protecting data, it is imperative to understand that your greatest vulnerabilities lie with the people inside of your company. No matter how secure your computer systems, no matter how much physical security you deploy, humans will always be your weakest link. The more technological security you implement, the quicker data thieves will be to attempt to socially engineer those inside your company (or pose as an insider) to capture your data. Admitting vulnerabilities doesn’t have to be a public, embarrassing act. It can be as simple as a quiet conversation with yourself and key players about where your business is ignoring risk.

The three greatest human vulnerabilities tend to be: 1. Unawareness of the risks posed by data loss, 2. Lack of emotional connection to the importance of data privacy (personally in professionally) and it’s affect on profitability, and 3. Misunderstanding that in a world where information is power, it’s no longer about whom you trust, but how you trust. These symptoms suggest that your privacy training has either been non-existent or dry, overly technical, policy related and lacking a strong “what’s-in-it-for-me” link between the individuals in your organization and the data they protect every day.

If this is true inside of your business, rethink your training from this perspective: Your audience members (employees) are individuals with their own identity concerns, not just assets of the company who can be forced to follow a privacy policy that they don’t even pretend to understand. By tapping into their personal vulnerabilities regarding private information (protecting their own Social Security Number, etc.), you can develop a framework and a language for training them to protect sensitive corporate information. Like in martial arts, where you channel your opponent’s energy to your favor, use your employee’s humanness to your advantage. Pinpoint these vulnerabilities and shine the light of education on them.

Fight Prevention Paralysis. One of the most unfortunate and destructive character traits among humans is our hesitation to prevent problems. It is human nature to invest time to prevent tragedy only after we’ve experienced the pain that results from inaction. We hop on the treadmill and order from the healthy menu only after our heart screams for attention. We install a home security system only after we’ve been robbed. Pain motivates action, but the damage is usually done. You can bet that had he the chance to do it all over again, Achilles would slap a piece of armor around his heel (just like TJMAXX would encrypt their wireless networks and AT&T would secure their iPad data).

Prevention doesn’t get the proper attention because its connection to the bottom line is initially harder to see. You are, in essence, eliminating a cost to your business that doesn’t yet exist (the costs of a future data breach: restoring and monitoring customer credit, brand damage, stock depreciation, legal costs, etc.). This seems counterintuitive when you could be eliminating costs that already exist. But here is the flaw in that method of thinking: the cost of prevention is a tiny fraction of the cost of recovery. When you prevent disaster, you get a huge return on your investment (should a breach ever occur). Statistics say that a breach will occur inside of your organization, which means that by failing to invest in prevention you are consciously denying your organization a highly profitable investment. Why would you insure your business against low percentage risks (fire), but turn the other way when confronted with a risk that has already affected 80% of businesses (data breach) and has an almost guaranteed double digit ROI? It is your responsibility to demonstrate how the numbers work; spend small amounts of money preventing, or vast sums of time and money recovering.

Harden the Riskiest Targets. Once you have admitted to and cataloged your vulnerabilities and allocated the resources to protect them, it is time to focus on those solutions with the greatest return on your investment. A constant problem in business is knowing how to see clearly through information overexposure and pick the right projects. Just think of how much stronger Achilles would have been had he placed armor over his heel (which was human) rather than his chest (which was immortal). There is no financially responsible way to lower your risk to zero, so you have to make the right choices. Most businesses will gain the greatest security by focusing on the following targets first:

  1. Bulletproof Your People. Most fraud is still committed the old fashioned way – by manipulating trusting, unsuspecting people inside of your organization. Train your people for what they are: the first line of defense against fraud. Begin by preventing identity theft among your staff and then bridge this personal knowledge into the world of professional data privacy.
  2. Protect Your Mobile Data. Laptops, smart phones and portable drives are the most common sources of severe data theft. The solution to this very powerful and ubiquitous form of computing is a quilt-work of security including password strengthening, data transport limitations,  access-level privileges, whole disk and wireless encryption, VPN and firewall configuration, physical locking and human decision making (e.g., don’t leave it unattended the next time you get coffee at your corporate conference).
  3. Prevent Insider Theft: Perform thorough background checks, reference verification and personality assessment to weed out dishonest employees before they join your organization. Implement an ongoing “honesty meter” for your employees that ensures they haven’t picked up bad or illegal habits since joining your company.
  4. Classify Your Data. Develop a system of classification that includes public, internal, confidential and top secret levels, along with secure destruction and storage guidelines.
  5. Anticipate the Clouds. Cloud computing (when you store your data on other people’s servers), is quickly becoming a major threat to the security of organizational data. Whether an employee is posting sensitive corporate info on their Facebook page (which Facebook has the right to distribute as they see fit) or you are storing customer data in a poorly protected, non-compliant server farm, you will ultimately be held responsible when that data is breached. You must be aware of who owns that data, today and in the future, when your storage company is bought out or goes bankrupt.

We have much to learn from the foresight of New Zealand; they are an excellent example of how organizations should defend their Achilles’ heel. To begin with, they have begun to acknowledge their vulnerabilities in advance of the problem (in fact, their chief vulnerability is that dangerous form of innocence that comes from having very few data theft issues, so far). In addition, they are taking steps to proactively prevent the expansion of identity theft and data breach in their domain (as evidenced by the corresponding educational story on 60 Minutes). Finally, they are targeting solutions that cost less and deliver more value. I was in New Zealand to instruct them on data security. Ironically, I gained as much knowledge on my area of expertise from them as I believe they did from me.

John Sileo speaks professionally on identity theft, data breach and social networking safety. His clients include the Department of Defense, the FDIC, FTC, Pfizer and the Federal Reserve Bank. Learn more about bringing him in to motivate your organization to better protect information assets.

6 Things You Should Never Reveal on Facebook

Yahoo.com just published the following article that every Facebook user should read. I recommend you follow each of these suggestions, and if you want to learn more, read my Facebook Safety Survival Guide.

6 Things You Should Never Reveal on Facebook

by Kathy Kristof

The whole social networking phenomenon has millions of Americans sharing their photos, favorite songs and details about their class reunions on Facebook, MySpace, Twitter and dozens of similar sites. But there are a handful of personal details that you should never say if you don’t want criminals — cyber or otherwise — to rob you blind, according to Beth Givens, executive director of the Privacy Rights Clearing House.

The folks at Insure.com also say that ill-advised Facebook postings increasingly can get your insurance canceled or cause you to pay dramatically more for everything from auto to life insurance coverage. By now almost everybody knows that those drunken party photos could cost you a job, too.

You can certainly enjoy networking and sharing photos, but you should know that sharing some information puts you at risk. What should you never say on Facebook, Twitter or any other social networking site?

Your Birth Date and Place

Sure, you can say what day you were born, but if you provide the year and where you were born too, you’ve just given identity thieves a key to stealing your financial life, said Givens. A study done by Carnegie Mellon showed that a date and place of birth could be used to predict most — and sometimes all — of the numbers in your Social Security number, she said.

John Sileo is the award-winning author of Stolen Lives, Privacy Means Profit and the Facebook Safety Survival Guide. His professional speaking clients include the Department of Defense, the FTC, FDIC, Pfizer, Prudential and hundreds of other organizations that care about their information privacy. Contact him directly on 800.258.8076.

Facebook’s Law Enforcement Phone Option | Sileo

Facebook: Press 2 For Law Enforcement

Click Here to reach Facebook’s Law Enforcement Page

PLEASE NOTE: WE DO NOT HANDLE ANY FACEBOOK COMPLAINTS OR QUESTIONS, AS WE ARE NOT AFFILIATED WITH FACEBOOK IN ANY WAY. THANK YOU. 

I received an email last night from a well-known TV anchor wanting my input on a new Facebook issue.  He’d read that when calling Facebook Headquarters, the automated attendant comes on and gives you options to reach each department, and the second option was to press 2 for “law enforcement.”

It could seem odd to many, but it’s true. If you call the Facebook Headquarters (650-543-4800) and reach the switchboard, the 1st option is “For customer support, press 1” and the second option is “For Facebook law enforcement, press 2”. Law enforcement comes ahead of business development, marketing, press, and employment verification in the list of options.  When you press 2, the next message says: “This message is only for members of law enforcement. Please note that due to a very large volume of incoming calls, the current call back time is two to four business days. For a faster response, please leave your work authorized email address… A member of Facebook’s security team will email in a timely manner.” Which means that Facebook is very busy fielding calls from law enforcement.

The anchor, and the rest of us, want to know why!

Facebook receives all kinds of requests by law enforcement, as it is essentially a diary of each and every user. Don’t confuse it with a typical diary of the pre Web 2.0 era. The modern diary (or dossier, as I more commonly refer to social networking profiles) is a photo journal, video log, friendship org chart, location status, written history, browsing analyzer, that is so effective because it can be so addictive. In other words, the Facebook activity of an average user is a digital representation of  that user’s identity. So, to net it out, here several reasons law enforcement officers call Facebook:

  • Tracking listed sex offenders for inappropriate use of the Internet
  • Civil dispute subpoenas (domestic cases, child custody, harassment, etc.)
  • Evidence used in the discovery process (establishing intent, state of mind, relationships, etc.)
  • Cases of libel or defamation
  • Terrorist activity tracking and fundraising
  • Background checks for local, regional and federal governmental positions
  • Background checks on potential jurors (see tomorrow’s story about a juror who was dismissed because of a Facebook post)

This is a fascinating and under-reported aspect of social networks – they are providing an open book on people (for good and evil) that used to take investigators (and scammers) weeks or months to collect. All you really need is a subpoena, or to friend the person on whom you are collecting data.

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

[youtube https://www.youtube.com/watch?v=VgwQPhpRPd0&rel=0]

Are Your Kids Safe Online?

As a parent you are often worried about what your kids are being exposed to on the Internet. Apparently so are Facebook and the PTA. They have teamed up to teach parents and children about responsible Internet use. They plan to cover cyber-bullying, internet safety and security and “citizenship online,” according to a news release.

“Nothing is more important to us than the well-being of the people, especially the many teenagers, who use Facebook,” said Sheryl Sandberg, Facebook’s chief operating officer.

Facebook is the number one social media site with over 500 million users and a minimum age requirement of 13. Even that requirement can be easily fudged because Facebook has no way of verifying a user’s age besides asking for their birth date when they register. Parents are having trouble deciding whether to let their children join Facebook prematurely and what they should be cautious of if they do so.

Learn more on Protecting Your Children Online.

It is important to be educated when dealing with any form of social media or social networking website. Social networking is immensely powerful and is here for the long run, but we must learn to harness and control it. You should know the ins and outs, pros and cons, risks and rewards to using these online tools. Because teens and children don’t necessarily have the life experiences to recognize the risks, parents must educate themselves and pass that knowledge on with open and honest discussions on Facebook and Online Safety.

John Sileo became one of America’s leading Social Networking Speakers & sought after Identity Theft Experts after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.

Facebook Privacy: Hide from Google

The New York Times recently published an article that discusses the severe changes Facebook has made to privacy settings. This is the last post on these changes and each post gives you details on how to manage these new settings so that you can gradually accumulate your Facebook Privacy.

What Can Google See? (Keep Your Data Off the Search Engines)

When you visit Facebook’s Search Settings page, a warning message pops up. Apparently, Facebook wants to clear the air about what info is being indexed by Google. The message reads:

There have been misleading rumors recently about Facebook indexing all your information on Google. This is not true. Facebook created public search listings in 2007 to enable people to search for your name and see a link to your Facebook profile. They will still only see a basic set of information.

While that may be true to a point, the second setting listed on this Search Settings page refers to exactly what you’re allowing Google to index. If the box next to “Allow” is checked, you’re giving search engines the ability to access and index any information you’ve marked as visible by “Everyone.” As you can see from the settings discussed above, if you had not made some changes to certain fields, you would be sharing quite a bit with the search engines…probably more information than you were comfortable with. To keep your data private and out of the search engines, do the following:

  1. From your Profile page, hover your mouse over the Settings menu at the top right and click “Privacy Settings” from the list that appears.
  2. Click “Search” from the list of choices on the next page.
  3. Click “Close” on the pop-up message that appears.
  4. On this page, uncheck the box labeled “Allow” next to the second setting “Public Search Results.” That keeps all your publicly shared information (items set to viewable by “Everyone”) out of the search engines. If you want to see what the end result looks like, click the “see preview” link in blue underneath this setting.

Read more from the New York Times article that discusses the Facebook settings that every user should be aware of. Be proactive about what you share on Facebook and protect your online privacy!

Read The first 2 articles –

Facebook Privacy: Videos, Photos, and Status Updates

Facebook Privacy: Your Personal Info

Order your copy of the Facebook Safety Survival Guide to make sure you and your children are protected online.

John Sileo became one of America’s leading Social Networking Speakers & sought after Identity Theft Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.