Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Tuesday, March 13, 2012

Facebook: Where Everyone Knows Your Name

I’ve often warned readers about Facebook privacy settings and how important it is to protect personal information. I was stunned years ago to find out that just by accepting an application users not only provided their own personal data but allow any information they could access of their friends. What is equally stunning is Facebook apps still use this deceptive practice today.

apps
Common application approval screen

Some folks have commented to me, “What do I care if strangers know my sex, birthday or who my friends are?”

This morning all my friends were exposed to danger due to Facebook’s desire to share. Even though I thought I had changed my settings, my privacy was set so “my" friends could see and had access to all my other friends.  On the surface this seems like a reasonable and safe feature.

Unfortunately, one of my friends inadvertently gave a malicious app access to my entire friends list.  This allowed the bad guys behind the app to send a message to all my friends. The message gave them the impression I was promoting a link to win a free iPhone. Naturally, it was a scam that hopefully no one clicked on.

This is what many of my friends woke up to this morning in their private Facebook message box.
iphone5

Even though this message didn’t come from me, it seemed like it came from a good friend. There is a privacy option that prevents strangers from sending you a message and many of my friends apparently did have set.  I like to think that my most of friends would immediately recognize this message as a scam. It’s certainly not the most sophisticated social engineering trick but we’re all human and if some people didn’t fall for these scams they wouldn’t exist.

Update March 15, 2012
The award winning news blog “nakedsecurity” from security firm Sophos also experienced and wrote about this particular scam. Their scenario was slightly different so for additional information and tips click below.
http://nakedsecurity.sophos.com/2012/03/15/iphone-5-facebook-events/

Share on Facebook


0 Comments:

Post a Comment

<< Home