Protecting Yourself from Facebook Identity Theft

This is a re-post of what I wrote on my company’s blog:

Zane Burnett talks about how to keep your online identity safe

My company is holding an Intro to Social Media class this evening (with yours truly as the instructor). Only 55% of the people who registered for the session are members of Facebook, and 45% indicated that they didn’t belong to any social networks at all. As a matter of fact, some people claimed they were scared to join up on some of these networks because of the amount of info they felt as though they were required to input.

As Fillmore Real Estate tries to empower its agents by allowing them to recognize the vast power of social media, it is important to remember two things: not only is it beneficial to establish your online identity, it is potentially dangerous not to.

For every milestone in technology, there will always be those who seek to exploit the users of that technology who aren’t thoroughly familiar with it. The same can be said for social media. Increasingly, people over the age of 50 are joining the ranks of Facebook’s ever-growing community. Unfortunately, this is the exact demographic that scammers are targeting. I came across an interesting article here. It tells the story of someone who fell victim to “Facebook Identity Theft”. I encourage you to read the article. After doing so, remember these key points to protecting yourself online:

1. Look at the URL of Your Login Page: The most common way for “phishers” to steal your information is by creating fake login screens. These pages look exactly like the Facebook login page your accustomed to, with one key difference. If you look at the address bar in your browser when you login to facebook, you should see something like this:Notice that the domain is “facebook.com”. This is ALL your address bar should say. Sometimes there will be a “/login.php” extension, and that is acceptable. Observe the difference in this URL:
   Notice the difference? If you were to fill out your login info on this page, it would get sent to a person collecting Facebook logins, and not to Facebook. Once you click submit on the phisher’s page, it will redirect you to the actual Facebook login page, where people just assume their connection hiccupped and they login again, thinking nothing of it. Just remember, if it doesn’t begin with www.facebook.com, it isn’t really facebook!
   
2. Use Common Sense: I once received this message from a friend:
   
   It was clear to me at once that her account had been hacked. Why? First and foremost, the subject made absolutely no sense to me. Secondly, it was sent to several different people in a manner that didn’t make much sense.

   You know who your friends are, so if something seems a bit out of place, message them back before you actually click on the link. Ask them if they meant to send it to you… you won’t be hurting anyone’s feelings. If anything, you may be making them aware of the fact that their account was compromised.

3. If you don’t have an account, GET ONE!: As part of my demonstration for a class I once did I, I tried to show the true danger of not having an account. Beforehand, I perused the company website. There was a nice section of all the employees along with their individual picture. I selected my target and checked to see if he was registered with Facebook. After confirming that he wasn’t, I simply took his picture from the website and used it to create a profile on Facebook. I had his name, his picture, some minor info, and that was all I needed…First, I searched everyone else in the company and friend requested them. Then, as I made more friends on Facebook, people started sending me friend requests. Before long, I had a list of about 85 friends, all of whom thought I was someone I wasn’t! Now, what would’ve happened if I sent each and every single one of them the following message: “You won’t believe what happened to me last night! While I was sleeping, a couple of burglars came into my house and took so many things… they took some of my jewelry, some silverware, and they even managed to take my wallet off of the nightstand. I was so terrified, I didn’t know what to do.Listen, I hate to ask you this, and I’m certainly too embarassed to ask you in person, but do you think you could send me some money via Western Union? If not, I completely understand. If so, a hundred dollars should do the trick until I sort all of this craziness out (I’ll definitely pay you back). Either way, let’s just please act as though I never asked you when we see each other in person. It would be way too embarrassing for me.”Certainly, if your friend sent you this message, it would make some sense. If I followed through with sending a message like that, I guarantee you at least one person would have sent money. As a matter of fact, when I informed the class that they weren’t actually friends with the example person I used, they were shocked… imagine if I had sent them the “I need money” message!

The moral of the story is this: in order to protect yourself, you have to be aware, be informed, and be online!!