Facebook Issues Security Tips Guide

By Carlton Purvis

There are more than 900 million objects on Facebook for users to interact with -- more than 30 billion items (Web links, news stories, blog posts) shared by users. So each time Facebook does a re-design or rolls out new features, it’s expected that they might come with a little confusion.

Because users may have a hard time discerning the real from the scams, Facebook recently released a 14-page guide of little known tips and instructions to help its 750 million users navigate the social networking site safely. (Google ranks Facebook the most visited Web site on the Internet, worldwide)

The guide, Own Your Space: A Guide to Facebook Security for Young Adults, Parents, and Educators, reminds users to use secure passwords and to log out of Facebook when they’re not using the site – obvious tips for any site that contains personal information. Leaving a Facebook account logged in can lead to embarrassing posts by friends or family if they come to your computer. When Facebook accounts are hijacked, it’s usually because a user was tricked into using a fake login screen.

Scammers who target Facebook will often use links disguised to look like they’ve come from popular third-party applications like Farmville and Mafia Wars. “The common scams offer prizes like free virtual objects. Other lures claim that your account has been suspended and provide a link for you to remedy the problem,” the guide states. “Click on the link and you’ll be directed to a fake Facebook login page. If you log into the fake page, you’re giving your Facebook password directly to the scammer.”

“Unlike the insanely horrible email scams written in poor English by scammers, most of the fake Facebook login screens are pretty believable,” the guide says. An example in the guide shows a screenshot of a Facebook login screen. Initially it looks completely legit. A closer look reveals that the URL in the address bar is missing the “e” in Facebook. The fake login screen plays off the human brain’s ability to “automatically insert missing vowels while reading without even realizing it.”

Other scams involve malicious script, where a user is instructed to copy and paste an html code into their address bar with a promise to reveal who is looking at their profile, and clickjacking – images that resemble fake videos. When a user clicks the play button, instead of watching a video, their computer starts downloading malware. These links are also hidden under “Like” buttons.

To prevent these types of scams, Facebook says users should always check the URL when they’re using Facebook, and to keep current on Internet browser updates. It also says that Facebook will never redirect a user to a login screen once they’re already logged in.

Facebook’s behind-the scenes steps to keep the site secure include encrypted transmission (https) and a couple opt-in features that user can select to use. By verifying your cell phone with Facebook, users can have a one-time password, or a unique pin number to supplement their existing password, sent to their phone each time they login.

Facebook has opened its user account system to other Web sites to use as well. “The more sites you allow to recognize your Facebook login, the fewer usernames and passwords you need to remember,” Facebook says.

A feature called Login Notifications can be activated to send an e-mail if a different device logs into an account. Clicking “end activity,” can revoke access to a device listed.

One of the most interesting of the security features is what the guide calls a multiple-choice exam to challenge someone who tries to login from a strange place. Facebook will create a series pictures with multiple names prompting the person logging in to select the correct name of the friend identified in the photo. “Since it’s very unlikely that a scammer would recognize your Friends by sight, this is a great test,” the guide says.

One question lingers though: Would a person be able to use Facebook’s facial recognition feature to get around this one?

Calls to Facebook and the authors of the guide weren’t immediately returned. View the guide here.

sketch by stoneysteiner  from flickr


View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.