Home > Facebook > Facebook Security – You are the Weakest Link

Facebook Security – You are the Weakest Link

weakest linkA few weeks ago I received a message from a Facebook friend I knew in high school.  Through Facebook we had “caught up” but I hadn’t really heard much from her recently.

Curious, I clicked the link in the message and opened a page detailing how much money I could make from Google by working at home.

My playful response was, “What, did you grow up to be a spammer?”

Embarrassed by the hijacking, my friend quickly posted a message on her page stating the situation and apologized to her friends for the inconvenience.

We’re hearing a lot lately in the mainstream media about security issues with Facebook.  The issue isn’t Facebook, it’s simply the newness of the technology being exploited by those with evil intentions.  No matter the technology, there will be those that will try it to scam others.  When that strategy stops working, they’ll simply move on to the next.

At the root of any successful identity theft is human weakness.  Social engineering is the process of obtaining information directly through human interaction, but data has been lost or compromised through theft, loss, carelessness, ignorance and disorganization.

Today’s social media hackers prey on human weakness, not nefarious bots traipsing through the Internet.  My friend explained how her Facebook account was hijacked –

I got phished when I clicked on a link from someone else’s wall and then I didn’t even bother to look (which I normally do) and “re-logged in”. Duh! I know. The only thing that makes me feel just a bit better is that I’m not the only dumb one, it got a lot of other people too.

These javascript phishing attacks are the worst.  With images that are easily confused with regular operating system messages, it’s easy to fall for them.  I still have to think several times about “hit cancel to stay on the page or OK to exit.”

Fortunately, my friend’s misstep didn’t cause any damage, other than minor embarrassment.  Certain phishing rings pretend to be a friend in distress and are draining bank accounts.

She explained how she resolved it –

I had to change my password immediately and then run another virus scan and then I went and deleted the stupid links from everyone’s wall that it was put on.

I just underestimated just how sneaky these scams can be, but I still feel stupid.

Unlike a spam message posted randomly on the Internet, the social networking schemes are so much more dangerous because they come from someone you know.  Your faith in the sender is implicitly transferred to the message regardless of how dangerous it may be.  Tucker Max for instance said, “When your buddy tells you a movie is good that’s worth 2,000 commercials.”  The same applies to spam, scams and junk.

My friend took care of the problem in a way I dare say should be the model for such intrusions.

1.  Within a few hours of the breach, she alerted everyone in her network.

2.  She regained control of her account.  Fortunately, it was as easy as changing a password.

3.  She deleted the garbage left behind.  I initially thought this was overkill, but it really is necessary, since other people who saw it floating out there might fall for the same scam…like she originally did.

With social networking becoming more and more popular, it’s easy to blame a particular platform or software when things go wrong.  It’s easy to blame Facebook because they’re popular and wealthy, but ultimately we are the final gatekeeper for our information and who we share it with.  It’s important to become even more vigilant for the threat of social networking schemes because online,  the wolves hide in our friends clothing.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: