Facebook: Where Everyone Knows Your Name
I’ve often warned readers about Facebook privacy settings and how important it is to protect personal information. I was stunned years ago to find out that just by accepting an application users not only provided their own personal data but allow any information they could access of their friends. What is equally stunning is Facebook apps still use this deceptive practice today.
Some folks have commented to me, “What do I care if strangers know my sex, birthday or who my friends are?”
This morning all my friends were exposed to danger due to Facebook’s desire to share. Even though I thought I had changed my settings, my privacy was set so “my" friends could see and had access to all my other friends. On the surface this seems like a reasonable and safe feature.
Unfortunately, one of my friends inadvertently gave a malicious app access to my entire friends list. This allowed the bad guys behind the app to send a message to all my friends. The message gave them the impression I was promoting a link to win a free iPhone. Naturally, it was a scam that hopefully no one clicked on.
Even though this message didn’t come from me, it seemed like it came from a good friend. There is a privacy option that prevents strangers from sending you a message and many of my friends apparently did have set. I like to think that my most of friends would immediately recognize this message as a scam. It’s certainly not the most sophisticated social engineering trick but we’re all human and if some people didn’t fall for these scams they wouldn’t exist.
Update March 15, 2012
The award winning news blog “nakedsecurity” from security firm Sophos also experienced and wrote about this particular scam. Their scenario was slightly different so for additional information and tips click below.