ESET Tech Tip
By Cameron Camp, Researcher for ESET North America
Five Facebook No-No's (and how to fix them)
With the meteoric growth of Facebook to more than 900 million users worldwide, scams had to follow. Now we see everything from fake notification scams to impersonation, defamation campaigns and a host of other not-so-nice tricks. So how do you protect yourself? Here are five user no-nos and what to do to avoid them (and what might happen if you don't).
1. Don't use the same username/password as you do on all your other accounts – If scammers gain access to other popular sites such as LinkedIn, Twitter, Gmail, etc. and are able to harvest your credentials, an old trick is to try the same username/password across multiple sites, hoping to get in. Reusing credentials opens you up to multiple scams that could truly mess with your life, so don't do it.
2. Don't give up too much personal information – If a bad actor learns enough about you from your profile, you open yourself up to impersonation scams, in which they use your information to gain a third party's confidence by seeming like a familiar face who should be granted more leeway. Don't fall for it. A good place to start is to restrict your information to friends only, or possibly friends of friends, but not the general public. You'll save yourself a lot of potential hassle.
3. Don't give location-based update photos – If you take a picture of yourself and your friend down by the ocean with a caption that reads “wish you were here” and you live more than a short distance from the beach, it's a fair indication for scammers that you're not home, potentially opening you up to theft at your home, since they know you won't be there for a while. Also, if you tag your friend in the photo, they know she's not home either – same scam applies.
4. Don't click on notification links in email – There is a raft of scams involving emails that purport to come from Facebook, but in fact only encourage you to click a legitimate-sounding link that takes you to a scam site trying to harvest your personal information, infect your computer or subject you to a barrage of advertising. Don't fall for it. You can always open up a browser, navigate directly to Facebook and do your updating there. You'll be a lot safer, and so will your friends, in case scammers get your credentials and use them to go spying on friends' accounts.
5. Don't stay logged into your Facebook account – After you get done updating Facebook, don't stay logged in for the rest of the day. If you do, Facebook silently tracks all sorts of information about other websites you might visit in the interim, potentially providing a rich harvest for marketers. Also, if anyone walks by your computer while you're away, they'll have easy access to go prying into your profile, potentially revealing information you'd rather keep private. This one's easy: There's a menu on the top right side of the page that has a link to log out – piece of cake.
By following these simple steps, you can have a lot more peace of mind, knowing you're FAR less likely to fall prey to one of the droves of scams circulating. Also, it'll help keep scammers from getting access to your friends and furthering their nasty tricks. And, when you get home from vacation, you won't be greeted by a house vacant of valuables, thanks to your happy pictures by the sea tipping off criminals.
For questions about security or suggestions of topics you would like to see here, please email me at AskESET@eset.com.