As the biggest social network out there, it’s no surprise that Facebook is much maligned when it comes to privacy and security. The network itself is still full of scams, spam and potential malware, despite increasingly sophisticated algorithms designed to take care of such things.
Much of the time, though, issues with security and privacy come from users themselves rather than the site, and Facebook has announced that it’s now helping users further by checking the net for any stolen login credentials.
It’s common now to hear about security breaches at all manner of sites that allow users to register and log in. Just last week we heard that Dropbox users’ account details were posted on Pastebin, and it seems that Facebook has taken note and decided to pre-empt the same thing happening to its users. The company has come up with a new system that analyses whether someone’s login details have been posted on a public forum.
“Lots of household company names have experienced the unpleasant phenomenon of seeing account data for their sites show up in these public lists, and responding to these situations is time-consuming and challenging,” Chris Long, a security engineer at Facebook, said in a blog post.
Identical Login Details
The problem that many sites have is that users tend to use the same credentials for more than one site, and few use password managers to generate and store complex (and different) passwords for each site. This means that when details are stolen, the ramifications for a user can stretch across many sites, and a lot of the time users don’t even remember half the sites that they’re members of.
To overcome this, the new Facebook feature will automatically search out public posts which contain user information. The system works by using the login credentials provided by users and scanning them to extract the password text. It then compares this with the public posts that it finds online, and if the email address and password are listed, the site will alert the user and guide them through changing their details.
The data is also cross-referenced with reports of large-scale security breaches before the user database is checked. This is a fully automated process, so nobody at Facebook actually sees user passwords in text; it’s all done with code.
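A sketch of the matching step described above, as an added example that is not Facebook’s code or part of the original article. It assumes the public post lists `email:password` lines and that the site stores salted PBKDF2 hashes; all names and sample data are constructed.

```python
import hashlib
import hmac

ITERATIONS = 100_000  # assumed work factor for this example


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 (assumed storage scheme, not Facebook's)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def parse_dump(text: str):
    """Yield (email, password) pairs from 'email:password' lines, skipping junk."""
    for line in text.splitlines():
        email, sep, password = line.strip().partition(":")
        if not sep or "@" not in email or not password:
            continue
        yield email.strip().lower(), password


def find_exposed_accounts(dump_text: str, user_db: dict) -> list:
    """Return emails whose leaked password matches the stored hash.

    The leaked password is only hashed and compared; it is never logged or stored.
    """
    exposed = []
    for email, leaked in parse_dump(dump_text):
        record = user_db.get(email)
        if record is None:
            continue  # the address is not one of our users
        candidate = hash_password(leaked, record["salt"])
        if hmac.compare_digest(candidate, record["hash"]):
            exposed.append(email)  # same password reused here: alert this user
    return exposed


def build_sample_db() -> dict:
    """Constructed user table; fixed salts keep the example reproducible."""
    users = {"alice@example.com": "correct horse", "bob@example.com": "unique-to-this-site"}
    db = {}
    for i, (email, password) in enumerate(users.items()):
        salt = bytes([i + 1]) * 16  # a real system would use os.urandom(16)
        db[email] = {"salt": salt, "hash": hash_password(password, salt)}
    return db


# Constructed paste: one reused password, one different password, one non-user.
SAMPLE_DUMP = """# constructed sample paste
alice@example.com:correct horse
bob@example.com:password123
carol@example.net:hunter2
not a credential line
"""

if __name__ == "__main__":
    print(find_exposed_accounts(SAMPLE_DUMP, build_sample_db()))
```

Only the account whose leaked password hashes to the stored value is flagged, so a user who appears in the paste with a different password is not alerted.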
Social Engineering and User Error
Whilst this is a step forward for Facebook and security in general, most security issues aren’t caused by breaches such as those publicised. This is especially the case when it comes to social media, as there’s a high incidence of users who aren’t particularly technologically minded. There are, however, lots of scams, such as click/like farming and other tactics that exploit users’ ignorance, which users should educate themselves on if the site is ever going to be as safe as it can be.
With that in mind, let’s have a look at some common scams and how you can avoid them.
Like farming is prevalent on Facebook, and whilst it could be said that not as many people fall for it now, I still see pages such as these shared to my feed almost daily. Like farming refers to a practice in which a page is set up offering something too good to be true for little or nothing. It’s also common to see pages set up for like farming that appeal to the emotions, such as those asking to share for a sick child.
Whilst many people believe these pages to be harmless, they’re not. Their purpose is to drive up the number of likes a page has in order to sell it (and the information of those that like it) on the black market. Pages that gather 100,000 likes can be sold for around $1000 and then repurposed to send out spam messages to their unsuspecting followers.
You know the pages; we’ve all come across them at some point, promising us a free iPad Air or a free $75 voucher if we like the page. You do of course never receive said freebie, and often these pages pretend to be from a well-known retailer. An old saying holds true for these: if it looks too good to be true then it probably is.
Likewise, Facebook, Microsoft or any other big company does not give a dollar for every like on any page, even if it’s for a sick child with cancer. Often when it comes to emotional scams such as this, images of children who are sick or have even died are used without the permission of the parents – think about that before you click that like button.
Still think it can’t do any harm to like it?
These are not as prevalent as they used to be on the site but do still manage to make the rounds. Survey scams offer you something in exchange for carrying out a quick survey, which is designed to gather as much data about you as possible. Often survey scams are especially interested in your phone number, and if you don’t read the small print, you could find yourself signed up to receive SMS messages that cost a small fortune.
Survey scams also sometimes redirect you to a site that’s infected with malware which can be used for a variety of things from making your machine a zombie in a botnet, to stealing your login details for banking as well as credit card details.
Hidden Malicious Code and Click Bait
To some extent, many articles that are posted on social media have elements of click baiting in the title to prompt you to read. However, the kind of click baiting posts that are dangerous are those which contain a layer of hidden code over images and video. These are not nearly as common on Facebook as they used to be, but it’s still worth mentioning.
Click baiting also relies on social engineering and gives titles such as “you’ll never guess what this dad saw when he looked in on his teenage daughter” and similar. The titles are always sensationalist and always promise to show you something when you click to reveal. In reality, you get to see nothing and the only thing you actually gain is a malware infection. As I said, these are not as prevalent as they used to be as Facebook’s algorithms have improved enough to pick up a lot of malicious code and know to look out for this kind of headline.
These are just a few of the more common scams that you’ll see on Facebook and it’s encouraging to see that the site is implementing even more features that help to protect its users. However, it’s inevitable that scams and spam will still get through so ensure that before sharing you Google anything that looks dodgy.
Doing this picks up scams straight away in 99% of cases and takes seconds, but could help to further improve the social networking experience for us all.