What is Social Spam?

Nothing more than junk posts on your social media sites luring you to click on links that download malicious software onto your computer or mobile device.

Social media (especially Facebook and Twitter) are under assault by social spam. Even Facebook cautions that the social spam volume is growing more rapidly than their user base. The spam-fighting teams at both Facebook and Twitter are growing rapidly. The previous handful of special engineers has seen the inclusion of lawyers, user-operations managers, risk analysts, spam-science programmers and account-abuse specialists. Spammers are following the growing market share, exploiting our web of social relationships. Most of us are ill-prepared to defend against such spam attacks. Here’s how social spam tends to work:

1. Malware infects your friend’s computer, smartphone or tablet, allowing the spammer to access their Facebook or Twitter account exactly as if the spammer were your friend.
2. The spammer posts a message on your friend’s Facebook or Twitter page offering a free iPad, amazing coupons or a video you can’t ignore.
3. You click on the link, photo, Like button (see Like-jacking below) or video and are taken to a website that requires you to click a second time to receive the coupon, video, etc. It’s this second click that kills you, as this is when you authorize the rogue site to download malware onto your computer (not a coupon or video).
4. The malware infects your computer just like it has your friend’s and starts the process all over again using your contacts, your wall and your profile to continue the fraud.
5. Eventually, the spammer has collected a massive database of information including email addresses, login information and valuable social relationship data that they can exploit in many ways. In the process, the malware may have given them access to other data on your computer like bank logins, personal information or sensitive files. In a highly disturbing growth of criminal activity, social malware can actually impersonate users, initiating one-on-one Facebook chat sessions without your consent.

“Like-jacking” involves convincing Facebook users to click on an image or a link that looks as if a friend has clicked the “Like” button, thereby recommending that you follow suit. If our friends Like it, why shouldn’t we. So we click and download in an almost automated response. The key is to interrupt this automatic reflex before we get stung.

Fighting social spam requires immense investments of time, which can mean lost productivity (and money). Gratefully, various company site-integrity teams watch trends in user activity to spot spam. Every day, Facebook says it blocks 200 million malicious actions, such as messages linking to malware. The company can’t prevent spam, but it’s diligently working to make it harder to create and use fake profiles.

But never count on someone else to protect what is yours. You must Own Up to your responsibility. Follow these 5 Steps to Minimize the Risks of Social Spam:

1. If the offer in the post is too enticing, too good to be true or too bad to be real, Don’t Click.
2. If you do click and aren’t taken directly to what you expected, make sure you Don’t Click a 2nd Time. This gives the spammer the ability to download malware to your system.
3. Don’t let hackers gain access to your account in the first place – use strong alpha-numberic-upper-lower case passwords that are different for every site and that you change frequently.
4. Remember, in a world where your friend’s accounts are pretty easily taken over, not all friends are who they say they are. Be judicious. If something they post is out of character, it might not be them writing the post. Call them and verify.
5. Don’t befriend strangers. Your ego wins, but you loose.
6. Make sure you have updated computer security: operating system patches, robust passwords, file encryption, security software, firewall and protected Wi-Fi connection.

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and it’s polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation (he shares how he lost $300,000, 2 years and his business to data breach) or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

Related posts:

1. Twitter Security Loophole Exposes Your Direct Messages
2. Has Twitter Peaked? Is Privacy Back?
3. Facebook Safety: New HTTPS Facebook Settings

I’ve got a neighbor who’s going back to college this week and reminds me that this is by far the highest risk group for identify theft and it’s for a couple of reasons.  When these kids are going off to college, it’s the first time they are getting true financial independence, which might never have been trained to handle.  They have access to credit cards, to new bank accounts, and they’re managing it themselves.  That’s a huge red flag that there’s going to be trouble.  Number two, they’re going into an environment where their stuff is not particularly protected.  They’re in a dorm room, they’ve got roommates that may need extra cash; they know they can take advantage of them.  So it’s kind of a high risk environment.  The third reason is because they do so much online.  There’s so much social media interaction and that’s where ton of information is stolen. So you need to take some of these steps that are in this blog post.  Help your students take them.  It will help them out not just this year in college but helping them build their financial future going forward.  Your identity is pretty much everything in terms of your net worth. You got to take care of it now.

John speaks professionally about social media privacy and identity theft to college students.

Related posts:

1. College-Bound Students are Vulnerable as Identity Theft Targets
2. College Students Destroy Financial Future with Poor Choices
3. Identity Theft Speaker

Why You Should Share Facebook Privacy Settings with Friends

A true friend does more than just post updates about their conquests on your wall. They share information with you that makes your life better, even if it isn’t exactly what you want to hear. And you do the same for them. But are your friends unwittingly sharing too much information about you with others (strangers, advertisers, app developers, scammers)? Probably. For example, if they (or you) haven’t customized your privacy settings lately, you are giving Facebook permission to:

• Publish your name, photo, birth date, hometown and friend list to everyone?
• Indirectly share your restricted data with outsiders through your friends?
• Let your friends check you in to embarrassing locations where you aren’t?
• Post your Likes as advertisements on friends’ walls using your name?
• Authorize Google to index, access and share your information on the web?

Taking simple steps will make a significant difference. Start with the 7 Facebook Privacy Settings below and ask your friends to do the same. It benefits their privacy and yours. The video to the left quickly walks you through how to get to each level of privacy setting. If the video is too small for you to see the pointer, simply click on the four arrows in the bottom right-hand corner of the video viewer (to the right of the YouTube logo) to view in full-screen mode. For better resolution, use the drop down menu to switch to 720 HD.

7 Facebook Privacy Settings to Share with Your Friends

1. Hide Your Hometown, Friends & Interests from Strangers. You may want every last soul on Facebook to know who your friends are, but your friends might not appreciate being part of your popularity contest. And believe me, you don’t want outsiders knowing where you live, where you were born and what interests you. To block people other than your friends from seeing your these items, in the upper right hand corner of your home Facebook screen once you are logged in, click Account>>Privacy Settings. Then go to View Settings (under Connecting on Facebook). Set See your friend list, See your current city and hometown, See your education & work and See your likes, activities and other connections to Friends Only. You can even block everyone, including friends, from seeing these personal tidbits by clicking on the Everyone button, selecting Customize and choosing Only Me.
   
2. Restrict (or alter) Your Personally Identifying Information (PII). Facebook PII includes your Birthday, Address, Email, IM Screen Name and Phone Numbers. With just your name, birthdate and hometown, a scammer can easily recreate your Social Security number, steal your identity, or rob your home while you’re on vacation. My recommendation is to leave these fields blank in the first place (where possible) or fill them with partial or inaccurate information (make up a birthdate that is close to yours but not exact. Please note this may be in violation of Facebook’s user policy.). Either way, you should also limit others from accessing your PII. Click on Account>>Privacy Settings and then Customize Settings (towards the bottom of the sharing grid – look for the tiny pencil). Each drop down box to the right allows you to Customize your setting for that item. Using the Customize option, set Birthday (under Things I share) and Address, IM Screen Name, Email, Phone Numbers (under Contact information) to Only Me. Consider setting Religious and political views and Interested in to Only Me or Friends Only as well. The primary way a social engineer (information con artist) exploits you is by understanding what interests you. 
3. Stop Broadcasting Your Whereabouts in Places. Like the popular application Foursquare, Facebook Places allows you to check in to real-world locations and share your whereabouts with friends (so that burglars know exactly when to rob you). There are two relevant settings regarding Places. First of all, you should limit which users can see which places you can check in to. Click on Account>>Privacy Settings and then Customize Settings (see the first video for direction). Set Places you check in to (under Things I share) to Only Me (using the Customize feature) if you want to disable Places or to Friends Only if you want your friends to know your location. In a very strange default setting, Facebook allows your friends to check you in to places (e.g., a friend checks you in to a strip club while you are at the library). To turn this off, on the same screen, click on Edit Settings next to Friends can check me in to Places (under Things others share). In the drop down menu, choose Disabled and click Okay.
4. Limit How Your Photos & Videos are Shared. If you allow everyone to see photos or videos in which you are tagged (the default), anyone can post a compromising photo of you (friend or otherwise) and then share it with the world by tagging you in the photo. This can lead to some very embarrassing situations (you’d never post the pictures taken at the bachelorette party, but the scorned bridesmaid just might). There are two settings you need to change to fix this. First, click on Account>>Privacy Settings and then Customize Settings (find the pencil). Click on Edit Settings next to Photos and videos you are tagged in (under Things others share). Change the drop down menu to Customize and change the setting to Only Me if you don’t want others to see your tagged photos or to Friends Only if you want your friends to see the tagged photos. Click Save Settings. Then, in respect for your friends, make sure you aren’t accidentally allowing their friends to see photos in which you tag them. To do this, go to Account>>Privacy Settings. Towards the bottom of the page (above the pencil) is a check box that says Let friends of people tagged in my photos and posts see them. Uncheck this box. 
5. Restrict Google and Apps from Mining Your Identity. By default, Facebook allows search engines like Google and applications (apps) like Farmville access to certain personal information. After all, Facebook is in the business of inventorying your identity and then selling it to vendors and advertisers. To regulate how much is shared, click Account>>Privacy Settings and then Edit your settings (under Apps and Websites in the bottom left-hand corner). First, go to Public search and Edit Settings. Unclick the Enable public search check box to keep the search engines out of your profile. If you use your Facebook profile for business and want to be searchable, leave public search enabled. Next, go to Apps you use and click Edit Settings. Review and Edit every app that has access to your private information or delete the access entirely. Having all of your social networking profiles connected and using Facebook as a centralized login for convenience is a recipe for privacy disaster.
6. Limit What’s Accessible Through Your Friends. No matter how tightly you lock your privacy down in Facebook, if you don’t restrict what strangers, vendors, advertisers and Friends of Friends can see through your friends, you have done very little to actually protect yourself. Here’s how to limit what your friends can share (knowingly or unknowingly). First, click Account>>Privacy Settings and then Edit your settings (under Apps and Websites in the bottom left-hand corner). Next to Info accessible through your friends, click Edit Settings. You will see an entire list of data that can be accessed through your friends Facebook page, EVEN IF THE SAME INFORMATION ISN’T ACCESSIBLE THROUGH YOUR PAGE (because you customized your privacy settings in steps 1-5). This is quite possibly the most devious aspect of Facebook. I only have two or three items checked here – those pieces of information that I wouldn’t mind seeing on the front cover of USA Today. That is how public these bits of data become if you allow your friends to share them. 
7. Turn On Your Account Security Features. Facebook has several built-in security features (turned off by default) that make your social networking a safer virtual world. Click on Account>>Account Settings and then Security (left column). First, under Secure Browsing (https), check the box next to Browse Facebook on a secure connection (https) whenever possible. The gives you bank-like security when accessing your Facebook pages. Under Login Notifications: When an unrecognized computer or device tries to access my account, check the box next to Send me an email. That way, if someone gains unauthorized access to your Facebook account on a non-registered computer (your computers and phones will be registered), Facebook automatically locks the user out. If you don’t mind sharing your mobile phone number with Facebook (I don’t share my # with them), you can implement a third security feature. Under Login Approvals: When an unrecognized computer or device tries to access my account, check the box next to Require me to enter a security code sent to my phone.

If you just took these first 7 Steps to protect your Facebook privacy – congratulations – your profile and data are more secure than 99% of the Facebook population. Now it’s your turn to be a good friend – pass this on to someone you care about, and ask them to spend a few minutes protecting themselves. It’s a win-win for everyone.

John Sileo is the award-winning author of Privacy Means Profit and a keynote speaker on social media privacy, identity theft prevention and manipulation jujitsu. His clients include the Department of Defense, Blue Cross, Pfizer and Homeland Security. Learn more at www.ThinkLikeASpy.com or contact him directly on 800.258.8076.

Related posts:

1. 5 Steps to Avoid Facebook Destruction in Business
2. 5 Steps to Good Privacy Habits
3. Facebook Reveals the End of Privacy

In their report, Symantec wrote:

We estimate that as of April 2011, close to 100,000 applications were enabling this leakage. We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties.

These “access tokens” help apps interact with your profile.They are most often used to post updates from the application to your wall. When you add the applications to your profile you, as the Facebook user, is giving the apps access to your information by accepting their conditions.  According to the investigation, these tokens were included in URLs sent to the application host and were then sent to advertisers and analytics platforms. If the recipient recognized the codes (meaning they have to be qualified to read and write HTML code), they could gain access to the user’s wall’s and profile.

It was announced on Tuesday that the flaw has been fixed by Facebook, but I still recommend that you change your password. And don’t just change it every time Facebook experiences a breach, but every few months. By keeping all of your passwords current and original, you are decreasing the chances that you will be hacked and that your accounts (financial, social, and otherwise) will be compromised.

John Sileo is one of America’s leading Social Networking Security Speakers. You can learn more about Facebook Safety and how to protect yourself online here. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.

Related posts:

1. Facebook, Cigarettes and Information Addiction
2. Your Apps Are Watching You
3. Facebook Safety: New HTTPS Facebook Settings

What happens when that same scam is used on Facebook by one of your friends, by someone you trust? The results can be disastrous. One woman was scammed out of $366,000 because she felt sorry for the scammer’s sob story. The woman contacted the local authorities after realizing she had been conned by her Facebook “friend”. Police arrested six male suspects in Kepong, all allegedly connected to the Facebook scam: two Nigerians, two Bangladeshis, and two Malaysians. Investigators only managed to recover $5,000 in cash of the victim’s money, although they also seized 18 ATM cards, seven cell phones, and a laptop.

At least in this case the men were apprehended. In most scams of this nature there is no chance of finding the scammers and the money is long gone. Even when one of your Facebook friends asks you for something (money, help, information), your first reaction should be healthy skepticism. Verify that what they are saying is true (call them before sending money). Often times, a thief will take over a friend’s account or create a false account in order to gain your trust and eventually, your money.

John Sileo trains organizations on how to keep employees from falling for fraud based on data they have posted on Facebook. His clients include the Department of Defense, Pfizer, Homeland Security, FDIC, FTC, Federal Reserve Bank, Blue Cross Blue Shield and hundreds of corporations and organizations of all sizes. Learn more about his high-content financial speeches.

Related posts:

1. Nigerian Scam Takes a New Form
2. Facebook ‘Dislike Button’ is a Scam!
3. Identity Theft Scam Stole Millions – Pennies at a Time

Related posts:

1. Facebook Safety: New HTTPS Facebook Settings
2. Avoiding Social Spam Hackers on Facebook and Twitter
3. 5 Steps to Avoid Facebook Destruction in Business

Think of your move into social media (Facebook/Fan/Business Pages, LinkedIn, Twitter, YouTube, etc.) like you would approach the task of helping your fifteen-year-old daughter prepare to drive on her own. You love her more than anything on earth and would do anything for her (just like you will go to great lengths grow your business), but that doesn’t mean you just hand her the keys. Trying to forbid or ignore the movement into social marketing is like telling your teen that they can’t get their license. It isn’t going to happen, so you might consider putting down the denial and controlling those pieces of change that are within your power. The task is to maximize the positives of her newly bestowed freedom while minimizing any negatives; the same is true in social media.

Here’s a simple plan to follow that will help keep you safe and productive:

1. Understand the Risks & Rewards. Just like you need to know the risks of a teen driving (peer pressure, alcohol, inexperience, inferior equipment), you need to fully understand the risks of operating this powerful piece of equipment we call social media or social networking. Privacy Concerns: Users who fail to customize their Facebook privacy, security and sharing settings are giving away massive amounts of information to other Facebook users, Facebook Vendors (e.g., Farmville), Facebook itself and potentially competitors, thieves and social engineers. Over Exposure: You can share too much on Facebook, including posts, photos and videos that you later regret uploading. If done improperly or without thought, this can lead to increased risk of identity theft, reputation hijacking, burglary or fraud. Reputation Damage: AFLAC fired comedian Gilbert Godfrey as their spokesperson for making a negative comment about the insurance giant on his wall. How you and your employees use social media directly influences your reputation.  Account Takeover: Imagine a pornography crime-ring taking over your fan page for a day. It’s usually not this extreme of a case, but accounts are constantly being compromised and used for nefarious and illegal purposes (sending SPAM, peddling pornography, covering crimes). Just because there are risks doesn’t mean you abandon the medium. It means that you prepare for them, just like training your daughter to drive defensively, break properly on ice and make smart choices about who gets in the car.
2. Define Your Destination. Many businesses that utilize social media don’t actually know why they are using it, other than it’s the thing to do. But using it effectively takes a huge time and knowledge investment, so make sure you define what you want to achieve before you invest. Are you there to make friends, to network, to increase visibility, reshape your reputation or improve customer service? Driving without a destination in mind might be fun, but it will ultimately get you nowhere.
3. Choose the Right Equipment. Once you have defined your objective, you will have a better idea of which social medium to use (Facebook, Fan Page, Twitter, etc.). If your objective is to get your daughter safely from one place to another, you will choose a very different car than if you are trying to enhance her image with friends by buying a sports car. Trying to be part of every last social network means that you will use none of them effectively. Choose one or two platforms and take the time to perform the final two steps.
4. Fasten Your Seat belt. An hour spent understanding and modifying the default privacy and security settings (which are very lax by default) on Facebook or another social site can save you and your organization tragic amounts of data loss and abuse. Our refusal as a society to take this simple, available step to protect our information is the equivalent of not fastening our seat belts while driving. Is it slightly inconvenient and a occasionally uncomfortable? Yes. Does it drastically increase your safety? Without question. With great power comes great responsibility, and we must start communicating that to others around us.
5. Educate Your Driver. This knowledge, from awareness to customization, is only effective if it is passed on to others. You might know how to drive safely, but that doesn’t mean your daughter has picked it up by osmosis. The same is true inside of your organization; it’s not good enough for you do drive safely, the other members of the team must do the same – and not just for their own good, but because it also helps you be safe. After all, just like your daughter will ride in another teen’s car (and you want them to be well trained), your contacts will be handling your data in a social context (think of the picture of you at a St. Patrick’s Day party they consider posting) and need to know how to treat it.

There is nothing gained by ignoring or denying this social movement. It won’t be stopped and you will be part of it, either directly or indirectly. In turn, your business will be affected by how the employees and executives approach and even leverage the energy of social media. If you’re not out there educating your drivers, they are off doing it on their own anyway, seat belt-less and clueless.

John Sileo trains organizations on information leadership, including social media control, identity theft prevention and reputation management. His satisfied clients include the Department of Defense, FDIC, Pfizer and Homeland Security. To bring John in to speak to your organization, contact his staff on 800.258.8076 or watch him entertain audiences with vital content at www.ThinkLikeASpy.com.

Related posts:

1. 7 Steps to Secure Profitable Business Data (Part I)
2. 7 Steps to Secure Profitable Business Data (Part II)
3. 7 Steps to Stem Facebook Privacy Bleeding

On a site like Facebook that houses so much of your personal reputation and information, it is good to keep passwords new and difficult to hack. We see people’s Facebook profiles get hacked every day from clicking on malware and phishing schemes – and once they have your Facebook password, they probably have the same password you use on other accounts. Changing your password frequently, as simple as it sounds, is an easy way to avoid some of the privacy problems posed by Facebook. Once you are logged in, visit your Account Settings Page. On the first page next to Password click change.

Now that you are in your Account Settings, spend a minute clicking around to explore some of your other settings. While changing your password doesn’t solve all of your security issues, it will help you feel a bit safer on the social networking giant!

Related posts:

1. Facebook Safety: New HTTPS Facebook Settings
2. Facebook Privacy Settings Update
3. Facebook Reveals the End of Privacy

Did you know that Facebook can use photos you post on the site in advertisements targeted on the right (advertising) side of your contact’s profile?

Unless you customize your privacy settings, Facebook can share just about anything you post with just about everyone. Using your intellectual property for their financial gain is not a new Facebook issue, but one that should be revisited due to recent Facebook Privacy changes. Here’s the funny part: you gave Facebook the right to use any of your content in any way they see fit when you signed up for your account and didn’t read the user agreement. If you visit the Facebook Statement of Rights page you will see the following:

You own all of the content and information you post on Facebook, and you can control how it is shared through your privacy and application settings. In addition:

1. For content that is covered by intellectual property rights, like photos and videos (“IP content”), you specifically give us the following permission, subject to your privacy and application settings: you grant us a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook (“IP License”). This IP License ends when you delete your IP content or your account unless your content has been shared with others, and they have not deleted it.
2. When you delete IP content, it is deleted in a manner similar to emptying the recycle bin on a computer. However, you understand that removed content may persist in backup copies for a reasonable period of time (but will not be available to others).
3. When you use an application, your content and information is shared with the application.  We require applications to respect your privacy, and your agreement with that application will control how the application can use, store, and transfer that content and information.  (To learn more about Platform, read our Privacy Policy and Platform Page.)
4. When you publish content or information using the “everyone” setting, it means that you are allowing everyone, including people off of Facebook, to access and use that information, and to associate it with you (i.e., your name and profile picture).
5. We always appreciate your feedback or other suggestions about Facebook, but you understand that we may use them without any obligation to compensate you for them (just as you have no obligation to offer them).

Make sure you customize your privacy settings so that you are sharing your data at a level comfortable to you. One place you may not realize you need to check is Facebook Ads. When you visit your Account Settings page the last tab on the right is Facebook Ads. By clicking on it you can adjust your settings  — after you read their pop up on not selling your information. Where is says “Allow ads on platform pages to show my information to” and “Show my social actions in Facebook Ads to” Check No One. This gives you just a bit more control over what Facebook can share about you and your profile.

As it states above,  information you delete from your Facebook may not be permanently deleted. Just know that once something hits the internet it is there for good. Posts, pictures, videos and comments on social networking site are public, permanent and exploitable.

Related posts:

1. Facebook Privacy: Videos, Photos and Status Updates
2. Facebook Safety: New HTTPS Facebook Settings
3. Facebook Boiling the Privacy Frog (You)

Meanwhile, consumer costs, the average out-of-pocket dollar amount victims pay, increased, reversing a downward trend in recent years. This increase can be attributed to new account fraud, which showed longer periods of misuse and detection and therefore more dollar losses associated with it than any other type of fraud. – Javelin Strategy & Research

The cost to resolve identity fraud issues rose dramatically in 2010 because there was a change in the type of fraud that was being committed. New Account fraud is on the rise and this is the hardest type to detect and costs the victim the most. The majority of thieves who use friendly fraud, where they target friends and relatives they know, are able to do a lot of damage by setting up new accounts in the victim’s name. Since the victim has no idea that they are a victim, they can continue to use their identity longer, which racks up more financial theft.  

Rising problems include account takeover, friendly fraud, and people failing to use privacy settings on social networks. Too few consumers are failing to protect their data, ranging from lack of anti-malware software on personal devices, mailing paper checks or financial statements, and weak online passwords. Individuals need to do a better job monitoring their personal information (limit what you give when opening new accounts) and monitoring current accounts with text and email alerts for money spent and other transactions.

Javelin found that 48% of all reported identity fraud cases were first detected by consumers, which reinforces that we need to monitor our accounts regularly.  Another important way to protect yourself it to order, review, and know what is on your credit report. You can do this at least 3 times a year for free.  Consumers can request a copy of their credit report from one of the three nationwide credit reporting agencies through AnnualCreditReport.com.

John Sileo’s motivational keynote speeches train organizations to play aggressive information offense before the attack, whether that is identity theft, data breach, cyber crime, social networking exposure or human fraud. Learn more at www.ThinkLikeASpy.com or call him directly on 800.258.8076.

Related posts:

1. 2009 Identity Theft Statistics
2. Identity Theft Statistics: Online Shopping & Cyber-Intrusion
3. Discover and Recover Quickly from Identity Theft in 2010