Facebook Secure or Dam Dam Daaaaaaaam? Part 1

Thursday, September 22nd, 2011 at 5:59 pm

By now you may be aware that recently I had a few problems with my blog, that caused me some sleepless nights, and a quite a few headaches.Which I am happy to report has been rectified and all is well again!

But that is a story for another post which is coming very soon “WordPress Security, Safety and Pain”

So it stands to reason that I have become really security conscious not only when it comes to my blog, but also my Social Network Accounts.

Recently I wrote a post “Social Networks and Security Issues, How to Combat Them” as part of the Social Media and Network Series which covered Security in general. Due to recent events I now want to take it up a notch and cover the Social Media Sites individualy and as Facebook is the number one Social Media Site, we’ll cover that first!

Please Note: If you have not yet read the previous posts please follow the link below and do so before continuing with this latest post. I would also recommend you read the comments and replies as they can often add a wealth of information to the original post. If you like a comment you are more than welcome to reply. Just hit the Reply link beneath the comment.

Better still leave a reply of your own

Social Networks in contemporary business scenarios

Social Networks and Security Issues, How to Combat Them

Ok, moving on: Facebook Secure or Dam Dam Daaaaaaaam? Part 1

Just for one minute stop …. and consider this! More than one billion pieces of information and content is shared each day with over half a billion Facebook users! Facebook connects over 500 million people from over 210 countries.

The granddaddy of all social networks, Facebook was started by Harvard student Mark Zuckerberg in 2004 as a website to connect students on campus. Facebook not only helps people to communicate with friends and distant family members, but also has promotional tools for businesses.

To quote Peter Parker’s (Spiderman) Uncle!…. “With Great Power, Comes Great Responsibility”

The security on Facebook is the responsibility of both Facebook and the people who use the platform … its users!

Protect Your Facebook Account

As with any personal account (bank account, credit card account) we ourselves are the first line of defence in protecting our account! Always use strong passwords, and take advantage of the many advanced security settings that provide authentication, as well as secure communications, and remember to log out when your finished.

Passwords

Most of us online have already dealt many times with this simple but important process “The Password” but you will be surprised at how simple some people make it, for it to be easily uncovered!

Change your password regularly (Every month)
Never share your password
Consider storing it in a password tool
Never use the same password for ALL of your accounts ( you will be amazed at how many people do this)

A strong password needs to be at least 8 characters, include numbers, and special characters, or take a word or phrase and remove the vowels from it (for example, “eat the cheeseburger” becomes “tthchsbrgr”). For more imformation on creating good strong passwords visit Creat a password you can remember

Also if your not very good at remembering passwords, use a password tool to remember for you. Most browsers now include a password vault, or you could consider a free tool like……

And … just in case you still forget, remember to add a security question and your mobile phone number in the account settings of your Facebook account.

Remember to Log out!

Logging out of Facebook when you’re not using it is an effective way to protect your account. People assume that if they exit the browser that also logs them out of Facebook…. It doesn’t. The next person who goes to Facebook on that computer will find themselves already logged in—to your account! This becomes even more important if you have accessed your account while travelling!

Another pointer to remember is that, if you forget to log out of an active session, you can always remotely close that session from the account security section of the accounts settings page.

How to Avoid Scammers

On Facebook, identifying scams or scammers is not easy and can be quite tricky as most of the messages you will receive appear to come from people you know and trust. So how do you spot a scam on Facebook?

None of the common Facebook frauds like “Facebook dislike button,” the “stalker tracker” (which is suppose to tell you who’s visiting your profile), and “watch this video” tricks, are new, but people still fall for them.

The General Scammer

Scammers target Facebook for the same reason they target other area’s of the Internet … they want YOUR information, they also want to deceive and trick you into downloading malicious software on to your computer.

Phishers steal personal information, often the data needed for identity theft and fraud. Phishing is an attempt to trick users into revealing personal information or financial data.

On Facebook, phishers try to scam you in various ways; in status postings on your profile, in Facebook messages, and in Facebook chat.

Account thieves trick you into logging into a fake Facebook screen in order to steal your Facebook login and password.
This is why you should always check the address in your browser bar to make sure you are actually on Facebook!

Malware pushers want to install destructive software on your computer. That malicious software, is called malware, it is designed to harm your computer or steal personal information. How do malware pushers target Facebook users? You’ will generally be shown an offer to download and install new software on your computer.

Remember we are the first line of defense – Before you Click … Think!

Facebook Scammers

There are specific Scams that are intentionally designed to target Social Media Sites, and more specifically Facebook!

Those that can be related to scams include, Facebook account thieves, Malicious Scripts, those who ClickJack.

Beware the Facebook Account Thieves

When accounts are hijacked / stolen it is usually when the unsuspecting victim is lured into accessing a false login screen. So what method do they tend to employ?

While you are actually logged in and using Facebook they will catch you off guard and present you with a fake login! They can do this by posting something on your wall thats of interest that includes a luring link to another item. They could try and fool you by using a login they have already stolen from one of your friends.

Upon clicking the link you are requested to log in again to your account … BUT your not on Facebook anymore! When you enter your details the link has taken you to their mock-up site and you have handed over your details to the scammer!

Some of these screens can be pretty convincing take a look ….

You can see that on this address bar “Facbook” is spelled wrong, making it easy to discover that it’s a fake log-in screen. This is a scam that has been well planned, since the human eye generally inserts a missing vowel when reading without even noticing.

What can you do to prevent being conned like this?

First: Facebook will never contact you or send a message on Facebook or post a status message on your wall.
Second: Look at the address bar and links before you select them.
Third: Don’t Click it, if it looks suspicious!

If Facebook does contact you it will be via email and to the one you supplied when you joined.

You are required to log in only once in each session of Facebook, remember that!.

Malicious Script Scam

It’s one of the more subtle attacks that those who use Facebook have to deal with and fend off. By allowing you to see who is looking at your profile is a common con used by this method of attack as claimed. You will be encouraged to paste text into your browser address bar by this particular scam.

Take a look at the Maliscious Script and coding below…..

While you’re patiently waiting, as you’ve been told to, the script is finding a way to spam anyone on your list of friends. Facebook now checks all scripts being added to the address bar. That means when you paste a script, Facebook invites you to validate your intention, telling you why it’s not a good idea!

ClickJacking

Clickjacking is what scammers do when they delude users to go to links and buttons that they cannot see. You can be clickjacked because there are weaknesses in web browser security that allow site pages be hidden under layers. You think you are clicking a normal button, but in fact your clicking a hidden link!

You will have no idea of what your doing really because the clickjacker’s hidden link is never seen. Most people do not realize how easy it is to download malware or publicize Facebook information. You might have already fallen victim as it is easy to go unnoticed.

One way to clickjack is by hiding a button that says LIKE below a false button that says something else. This is called LikeJacking. Likejacking looks far more irritating than harmful but if you take a deeper look into it, you will find that it is not so! Not much damage is going to be done if you scammed into liking the X-Factor for example, but you could be helping to spread spam or even directing your friends somwhere that contains Malware!

Ways to prevent being a victim of jacking

By staying current on browser updates you can minimize your risk.
When using Firefox, you can install the add-on for “NoScript”, too.
If a post seems suspicious from one of your friends – don’t click it!

Another great tool you can use is “Web of Trust” (WOT) to help against getting clickjacked. This tool is a completely FREE browser tool which keeps a complete database of sites that are known to be secure as well as those that have been reported to be malicious.

Using WOT combined with the existing Facebook checks, you will be adding to your armoury against potential hackers.

Phew!! … Well that’s it for part 1, in Part 2 we will cover:

Advanced Security Settings
Monitoring Account Activity
Recovering a Hacked FB Account
Preventing and Stopping Imposters
Top Tips

As you know I love hearing from you and reading your comments so please share your thoughts below: and if you have found the post useful and beneficial please share it

If you use Twitter, Google’s +1 or Facebook please hit the button below and share it for me please!
Catch up soon

Filed under: Blogging • Social Media and Networks

Like this post? Subscribe to my RSS feed and get loads more!

Comments RSS Feed
TrackBack URI

20 Comments

Adrienne says:

09/22/2011 at 9:30 pm

Twitter: adriennesmith40
Wow Ian, great job going over all the different things people should be aware of. I can’t tell you how many apps I block every single day. For one thing, I don’t have time to play around on Facebook and for another thing, I don’t trust the majority of them.

So one thing I am guilty of is having the same passwords on the majority of my sites. Not all, but the majority. But, it’s not an easy password to hack either and I’m very careful about what I click on. It was probably a couple years ago that I was the victim of one of those scams and they got me good. I learned my lesson then.

I also keep my passwords on a secure site as well plus I live alone so no one else uses my computer but me. Once again, I’m safe in that respect.

Thanks for pointing all of this out because I know a lot of people aren’t aware of some of this. Just think before you act and if it looks suspicious, it is. Never click on something you aren’t sure of and don’t download every thing someone shares with you. If you aren’t going to use it, forget it.

Great post Ian… You’re the man!
Adrienne recently posted..Facebook Update #259

Reply
- Ian Ieba says:
  
  09/23/2011 at 9:29 pm
  
  Twitter: IanIebablog
  Hi Adrienne
  
  How are you, all’s well I hope?
  
  Thanks for dropping in always a pleasure to see you Adrienne. I too have had problems and issues with Apps, and just lately receiving quite a few PM’s from females wanting a relationship! I do not think so, “Delete button straight away”
  
  Since joining Sally’s training Program I have become more active on Facebook, but up until then my account was quite inactive and used occasionally but now I am enjoying the experience a lot more. I hope that makes sense?
  
  You know Adrienne I routinely change my password every month on all my accounts now, and I am more aware of what “click” now more than I ever was before. Why is it we nearly always have to learn the hard way!
  
  Like you Adrienne I keep my passwords stored in a password Storage vault online, and I also use a password generator each time I change it!
  
  Sound advice about “if something looks suspicious it probably is” don’t download and don’t click it!
  
  I’m happy you enjoyed the post Adrienne and thank you for your input, I’ll be seeing you real soon …
  
  Take care
  
  Ian
  Ian Ieba recently posted..Facebook Secure or Dam Dam Daaaaaaaam? Part 1
  
  Reply
Dawn Kay says:

09/22/2011 at 11:04 pm

Twitter: Dawn_Kay
Hi Ian

God that fake Facebook site was a good clone and I can see
that a lot of people would fall for that one.

I guess it’s common sense really and never click on anything
that we’re not sure about.

I do have strong passwords and am guilty of not changing them regularly
enough so need to sort that.

I hope your repurposing these security posts Ian because they really do help a lot of people and would make a fantastic product for you.

Well done – luvvvved it

Dawn
Dawn Kay recently posted..My First In Front Of Camera Video And An Exclusive Bonus From Sally

Reply
- Ian Ieba says:
  
  09/23/2011 at 9:49 pm
  
  Twitter: IanIebablog
  Hi Dawn
  
  You would be amazed Dawn of how many different and authentic looking FB Login scams are out there, but a good rule of thumb when checking the address bar is; if you’re not sure “don’t click it”
  
  I have all my passwords stored in an online vault, that is changed every month with a password generator, and each account has a separate password. I would highly advise anybody to do that, what with the crafty ways the scam artists and hackers operate.
  
  You must be reading my mind Dawn! Product creation already underway and will hopefully be available before December, but I am currently working on another product for my PLR series!
  
  I am really pleased you liked the post and more so if it has helped you in some way. Thank you for dropping in, it’s always a pleasure to see you here Dawn ….
  
  Enjoy the F1 …
  
  Take care, catch up soon
  
  Ian
  Ian Ieba recently posted..Facebook Secure or Dam Dam Daaaaaaaam? Part 1
  
  Reply
Nigel Yip says:

09/23/2011 at 11:21 am

Twitter: myfirstmarketin
Hi Ian

Wow what a monster of a blog post (a good way of course), jammed pack of great valuble information, you really have overdelivered with this and it’s most wonderful that you sharing such a resourceful and informative post with us all.

I think you blog post has really helped and will help many others realise that it is essential that one must employ some common sense when using these social websites, and sharing personal information about themselves. It’s such as shame that sometimes, some don’t and that’s when we all hear about them on the news.

Anyway keep up the great work Ian, I noticed on Facebook, that you did brilliantly on your first Co-Organised webinar with Sally last night – Congratulations and well done!!!!!

Best wishes
Nigel
Nigel Yip recently posted..LWS 4 – It’s not About Me, It’s about You!!!

Reply
- Ian Ieba says:
  
  09/23/2011 at 10:36 pm
  
  Twitter: IanIebablog
  Hi Nigel
  
  How are you mate, hope all is well with you?
  
  Thanks for dropping in and sharing your thoughts Nigel, I really appreciate it!
  
  You know it’s so true we are the first line of defence when it comes to our own accounts! As you point out a modicum of common sense is required but it’s surprising how many simple mistakes we can make!
  
  Following some simple but important guidelines can help us tremendously in giving us a safer and more secure social network experience.
  
  Yes! My first Co-Hosting experience with Sally last night on the “LWS Coaching Program” it was amazing Nigel, I was nervous but really enjoyed it. Another fear overcome and can be ticked off!
  
  The Course has been truly fantastic, and I am enjoying every minute of it, and the people are amazing also; always willing to help and offer support we have a great bunch of people involved in the course.
  
  Thank you for your input Nigel and for your kind words I am really pleased that you enjoyed the post and I am really happy if you have found it of some benefit.
  
  Take care, catch up real soon
  
  Ian
  Ian Ieba recently posted..Facebook Secure or Dam Dam Daaaaaaaam? Part 1
  
  Reply
Barry Wells says:

09/24/2011 at 3:57 pm

Twitter: barry_wells
Hi Ian, I was here the other night before class but it got to close to the bell time and I can’t be late for class, can I

I have to put my hands up Ian, I’m guilty of using the same password for most of the accounts. However in my defence, since our recent escapade I’ve changed all the important ones. Having now read this I realise they’re all important and will change them all and make an individual password for each account. Then try and remember to change them all on a regular basis

I’ve just purchased Roboform so that isn’t a problem either, as long as i remember

It’s really easy to clone a page and people need to be aware of the issues you’re raising here. With a few clicks I can have the page details on my html editor and go to work on it. Not that I would know what needs changing but I do know how to get the page, as most do I think.

A simple miss spell is so easy to over look in the domain. I remember a post years ago that had one area that had the letters of each word in each word but they were all jumbled around and he said to just read it as normal and you know what Ian….. Everyone that left a comment could read it at a normal speed.

The post was saying about how our brain retains the info and slots it in to place as we go.

Great write up mate, thanks for the nudge on the passwords. I’m off to sort it now while its fresh on the mind

Catch up soon Ian,
Barry
Barry Wells recently posted..One Step Back, Two Steps Forward and The Journey Continues

Reply
- Ian Ieba says:
  
  09/25/2011 at 4:08 pm
  
  Twitter: IanIebablog
  Hi Barry
  
  No you cannot be late for school mate!
  
  Like You Barry following recent events, I have changed all my passwords and they are stored! Each one of my accounts has a new individual password which I now routinely change each and every month!
  
  Roboform is a very good password tool Barry and well worth the $9.95 I also have this tool.
  
  Yes it is very easy to get these pages and edit them and the scammers and hackers are very good at doing it, and they are coming up with new strategies each day! It’s so important to be vigilant when signing in to our accounts and now I always check the address bar!
  
  I have come across something very similar to the example you have given Barry ….
  
  “Aoccdrnig to a rscheearch at Cmabrigde Uinervtisy, it deosn’t mttaer in waht oredr the ltteers in a wrod are, the olny iprmoatnt tihng is taht the frist and lsat ltteers be at the rghit pclae. The rset can be a toatl mses and you can sitll raed it wouthit a porbelm.”
  
  Thanks for your input Barry it’s always appreciated mate as it your comments ….
  
  Take care, Catch up soon
  
  Ian
  Ian Ieba recently posted..Facebook Secure or Dam Dam Daaaaaaaam? Part 1
  
  Reply
Julie says:

09/25/2011 at 7:07 am

Twitter: jmd164
Hi Ian,

Is this why Facebook change things around all the time? I found lately and I must say, made a moan about it there the other day), that there’d been quiet a few regular changes with fb.

A wee bit ago I’d had video clips on my wall from a ‘friend’, looking closely at the video still image before clicking (and glad I did) it was not something that that friend would have sent around! And also ‘shared news clippings’, where I did click the link but was then asked to confirm access …. um, no thank you!

I do use several passwords but there could be that one is used several times, something I need to change.

@Barry,
Aoccdrnig to a rscheearch at an Elingsh uinervtisy, it deosn’t mttaer in waht oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht the frist and lsat ltteer is at the rghit pclae. The rset can be a toatl mses and you can sitll raed it wouthit porbelm. Tihs is bcuseae we do not raed ervey lteter by it slef but the wrod as a wlohe.
ceehiro.

Great post Ian and thank you for looking into this topic and sharing your findings – it really does help

Take Care now
Julie
Julie recently posted..Quick Test

Reply
- Ian Ieba says:
  
  09/26/2011 at 10:18 am
  
  Twitter: IanIebablog
  Hi Julie
  
  There have been a few changes to Facebook, but of late there’s the News Feed on the Homepage and Mini-Feed on each person’s profile!
  
  “News Feed highlights what’s been happening in our social circles and it updates a list of personalized stories throughout the day. You’ll get the latest headlines generated by the activity of your friends and social groups. Mini Feed is similar, but it centres around one person”
  
  You should try and have one password for each of your accounts and change regularly say every month, and use a password storage tool if you cannot remember all your passwords (Which is what I do as I can’t remember them all!)
  
  I know what you mean about our brains having the ability to read misspelled words, and I have seen the one you mention above it’s amazing when you really think about it!
  
  I’m pleased that you enjoyed the post Julie hopefully it’s benefited in some way. Thanks for dropping in and your input it’s appreciated.
  
  Take care, Catch up soon
  
  Ian
  Ian Ieba recently posted..Facebook Secure or Dam Dam Daaaaaaaam? Part 1
  
  Reply
Linda says:

09/30/2011 at 4:45 pm

Twitter: IMarketerLinda
Another excellent post.

I’ve never heard of most of the tools mentioned here, so I am off to check them out. You can never take too many precautions to stay safe.

That addon – Web of Trust – I just added it, but it reminds me of my antivirus software. So many times, recently I have been blocked from being able to access pages – what kills me is that they weren’t even pages I was going to go to…so either a pop up or some malware or something on my PC, which I am running a scan now.

Thanks for the very useful tips.

Linda
Linda recently posted..Thank you Kathy Dobson for My Prize Winnings

Reply
- Ian Ieba says:
  
  10/02/2011 at 10:59 am