Sunday, March 20, 2011

Biggest Facebook Security Threats


Forget those phishing emails that attempt to get your credit card or bank sign-in information. When crooks want to know how to get into your bank account, they post a message on Facebook. These messages appear so innocuous and so appropriate in the Facebook setting that you are likely to not only get conned, but pass on the scam.


Facebook is the new frontier for fraud, says Tom Clare, head of product marketing at Blue Coat, an Internet security company that does annual reports on web threats. In just this past year social networks have soared to 4th from 17th most treacherous web terrain -- behind porn and software-sharing sites, which you probably know to avoid.

What makes Facebook so treacherous? Us.

It starts with the fact that we are inundated with requests to set up passwords to get into our work computers, our online bank accounts, Facebook and every other web-based subscription. So what do we do? We use the same password.

"Crooks understand that most users use the same password for everything," says Clare. "If they can get your user credentials for your Facebook account, there's a good chance that they have the password for your bank account."

If you are smart enough to have separate passwords for Facebook and your financial accounts, crooks get at you through a variety phishing attempts that you might think are Facebook games and widgets. But look closely and you'll realize that they deliver answers to all of your bank's security questions -- and possibly clues to your passwords -- right into the hands of the crooks.

Think it couldn't happen to you? Let's see if you recognize any of these recent Facebook messages that jeopardize your security. All of these came from my Facebook friends in just the past few weeks:

1. Who knows you best?

The message reads:

Can you do this? My middle name __________, my age ___, my favorite soda _______, my birthday ___/___/___, whose the love of my life ______, my best friend _____, my favorite color ______, my eye color _______, my hair color ______ my favorite food ________ and my mom's name __________. Put this as your status and see who knows you best.
How many of these are the same facts your bank asks to verify your identity? Put this as your status and everybody -- including all the people who want to hijack your bank account and credit cards -- will know you well enough to make a viable attempt.

2. Your friend [Name here] just answered a question about you!

Was it possible that an old friend answered a question about me that I needed to "unlock?" Absolutely. But when you click on the link, the next screen should give you pause: 21 Questions is requesting permission to ... (a) access your name, profile picture, gender, networks, user ID, friends and any other information shared with everyone ... (b) send you email ... (c) post to your wall ... and ... (d) access your data any time ... regardless of whether or not you're using their application.

Can you take that access back -- ever? It sure doesn't look like it. There's no reference to how you can stop them from future access to your data in their "terms and conditions." Worse, it appears that to "unlock" the answer in your friend's post, you need to answer a bunch of questions about your other friends and violate their privacy too. I didn't give 21 Questions access to my information, but the roughly 850 people who joined "People Who Hate 21 Questions on Facebook" apparently have and can give you insight into just how pernicious this program can be.

courtesy: YAHOO

#WishWorld

No comments:

Post a Comment