WARNING: Facebook Scam On the Loose, Steals Passwords

Facebook is falling prey to a widespread phishing attack today that tries to steal your login and spam your friends.

I’ve got a number of messages in my Facebook inbox with links to “FBAction.net”, a site that displays a fake Facebook login. Enter your details there, and it will spam all your friends with the same message and link. More worrying: you might get locked out of your account for a time until Facebook sorts out this mess.

There is no malicious payload with the attack, it seems: no virus is downloaded or any other nasties: it’s simply a huge nuisance for Facebook users.

As always, don’t enter your Facebook password if the URL is not Facebook.com, and contact Facebook if you’re no longer able to access your account.

Well, it probably isn’t a good idea to share everything.  We may find down the road that Millennials have gotten “burned” (so to speak) by the amount of information they are comfortable with putting out there.  On the other hand, they may be redefining our world by letting it all be out there. Regardless, social media is a part of everyday life for so many people and as such, it is important to know more about how they work.

We’ll be posting a series of articles on the privacy settings for various social media websites.  Today, I’ll begin with Facebook.

Facebook does not really make it easy to keep things private by default and, in my opinion, doesn’t do a great job of explaining what each option does.  I say that even though I really like it.  I love being able to keep up with friends, family and colleagues. I love sharing things I come across online and what I am doing right now.  The downside is, sometimes I am surprised by who is paying attention to what I am doing.

Last week Dave Mullen had a post on his blog titled “Teens and 20-Somethings May Leave Facebook” in which he predicts that younger folk will leave because they are annoyed that the platform is now being populated by people they don’t really “want” to share with.  (Which is kind of ironic, if you think about it.)

I was chatting with a high school senior a couple weeks ago and Facebook came up. He commented offhand that he may have to find a new place online to keep up with his friends and I asked, “why?” That’s when he tipped me off.

“It was kind of weird when my parents joined and friended me. Seriously, though, my grandma friended me the other day! This isn’t cool. A lot of my friends are talking about looking for something else.”

That got me thinking. Do college students want their parents and aunts and uncles and grandparents walking into their dorm rooms on a Saturday night to jot down something cheesy on the white board over their desk for all their friends to see? If it’s not cool in the offline world, what would make it cool online?

When I read that I thought to myself, that if they understood how to adjust their privacy settings, maybe they wouldn’t feel as threatened by other generations joining the network.

The point is that we all have different groups with which we share different things. While Facebook’s settings leave a bit to be desired in the usability department, they can be used to your advantage.  Here I’ll try to detail some of the settings you modify to protect your privacy on Facebook.

Create Lists

First of all, the key to privacy in Facebook is Friend Lists.  You have by default a group called All Friends, but suppose you wanted create a list for people you don’t know that well (for example, I have a list called “Acquaintances”).  In the case of the teen Dave Mullen talked to above, maybe a list for “Family” would help.  Once you have established those lists, head over to the privacy settings and customize the access these lists have to your information.

To create a list, go to “Friends” on the top menu in Facebook. Then click “Make a New List” in the left hand menu.

Facebook Privacy Settings

To access the privacy settings in Facebook, from your FB Home page, go to: Settings > Privacy Settings.  Here you will see the different areas of your Facebook account and can adjust privacy settings:

1. Profile – Control who can see your profile and personal information.
2. Search – Control who can search for you, and how you can be contacted.
3. News Feed and Wall – Control what stories about you get published to your profile and to your friends’ News Feeds.
4. Applications – Control what information is available to applications you use on Facebook.

Under Profile you’ll see that you can customize access to the different areas of your Facebook Profile.

• Profile
• Basic Info
• Personal Info
• Status Updates
• Photos Tagged of You
• Videos Tagged of You
• Education Info
• Work Info

Each section except for Profile lets you specify lists of friends you may want to exclude from that information.  Perhaps you don’t want Acquaintences to see your Personal Info, Status Updates, Photos and Videos Tagged of You, but you were ok with them seeing your Basic, Education, and Work Info.

Status Updates Privacy

Customizing Status Updates Privacy

In the sections you want to protect you click the pull down menu and select Customize.  The window that pops up lets you add lists you want to exclude.

See How Other See your Profile

You can then check whether or not this is displaying correctly by using the “See how a friend sees your profile” tool at the top of the Profile Privacy page.

When you type in one of your Facebook friend’s names you can see exactly what they have access to in your profile.  [I will note that I have see it not be 100% accurate when/if you click on other tabs within the preview pane.]

Creating lists is easy and effective.  It allows you to be free to accept friend requests from just about anyone, but not have to worry that you are sharing more than you intend to with those you don’t feel compelled to get to know better.  And honestly, boundaries are a good thing.

WVU on Facebook

If you haven’t seen it already, take a look at facebook.wvu.edu a website set up by WVU Web Services.  They are connecting to numerous WVU Facebook groups and pages in a single location.

They also have posted a helpful list of Facebook Do’s and Dont’s:

Facebook Do’s & Don’ts

Do…

1. Use Facebook to stay in touch with friends and make new ones.
2. Use Facebook to create your best image, since anyone with access to an “.edu” account can see your page. Google yourself every once in a while to check on your public image.
3. Use Facebook to get involved with the campus community and learn what’s happening.
4. Use Facebook to advertise your organization’s events.
5. Use Facebook’s privacy settings on your account to monitor who can look at your profile.
6. Use Facebook’s customer support page since it contains valuable information about privacy controls and other important safety information.
7. Use good judgment with your Facebook account and postings! What do you want future employers, administrators, faculty, and maybe even your parents to see?
8. Remember that WVU administrators are not monitoring Facebook, but may act on any violations of law or University policy if brought to their attention. Just because you don’t want them to look at your page doesn’t mean they can’t or won’t.

Don’t…

1. Post overly personal information like cell phone numbers, dorm address, class schedule, etc. unless you feel comfortable being contacted by strangers. Students have been stalked by uninvited viewers of their Facebook pages when they posted overly personal information.
2. Post pictures of your friends without their permission. It may be considered a legitimate invasion of their privacy, or may jeopardize their chances for a job, or their scholarships.
3. Think that just because you have to have an “.edu” account, that you are safe from any harm or consequences for the content of your page.
4. Forget that once you post something, it may live forever, even if you take it down.
5. Think that Facebook is the only website of concern. These same principles apply to MySpace.com, Friendster.com, etc.
6. Be afraid to get creative with your profile. Have fun and express yourself legally and responsibly. There are plenty of ways you can create a positive self image. You can impress your peers and community members and abide by all university polices, and laws!

Credit: University of New Hampshire. source

As always, think before you click! With any email message you receive, think twice before clicking on any links that it contains, even if it appears to come from someone you know.

Facebook Threat

“Hey, I have this hilarious video of you dancing. Your face is so red. You should check it out.”
If you’ve received an email message like this through Facebook or MySpace, you may have been exposed to the “Koobface” virus. This virus is traveling through email that appears to be coming from your friends on Facebook and invites you to click on a link and see a video. If you click on this link, you are prompted to update your Flash player before the video can be displayed. Then the virus hits, wreaking havoc with your computer.

Sources:

• The Facebook Virus Spreads: No Social Network is Safe (ReadWriteWeb)
• Facebook Virus Turns Your Computer into a Zombie (PC World, December 5, 2008)
• Techcrunch, December 5, 2008

UPS Alert

UPS has issued a warning about a new computer virus circulating as an attachment to emails that appear to come from them. The bogus emails, with titles such as “UPS Delivery Failure” or “Your Tracking #,” claim that a parcel was undeliverable due to an incorrect mailing address. You are then instructed to open an attachment containing a copy of the invoice. The attachment actually contains a virus which can infect your computer.

Source: UPS Virus Warning (About.com)

Here’s the original post from Mashable:

Be Careful if You Access Gmail Through a Public Hotspot

August 20, 2008 — 01:53 AM PDT — by Stan Schroeder

If you check Gmail’s settings, the last option under the “General” tab lets you “always use https” when accessing Gmail. It’s a fairly new option, and it might sound strange; isn’t Gmail secured by SSL (Secure Socket Layer) by default (hence switching to “https://gmail.com” when you type in “gmail.com” in your browser)?

The answer is: yes and no. Once you log in, Gmail reverts back to an unencrypted connection, since SSL connections are slower than regular ones. This means that whatever you do on Gmail is unencrypted from now on, and someone sniffing traffic on your network can easily obtain sensitive data.

Of course, not everyone has the skills to do that, so the chances of it actually happening are pretty small. Or, better put, they were small until now. As reported by Hacking Truths, a tool has been presented at DEFCON that makes stealing session IDs from Gmail a relatively easy affair. And once someone has your session ID, he/she can log in to your Gmail account without authentication.

In practice, this means that not having the “always use https” option checked, especially if you’re accessing Gmail through a wireless hotspot, or any other unsecure network, has become a hazard, and is not recommended. Google has been fairly silent about this, letting users decide what they want to do, but I’ve switched to SSL and I recommend you do, too, especially if you use Gmail for business purposes.