Since our April ESET news has already been dominated by Facebook and Koobface, an updated Facebook best practices wrap-up seemed in order.
Facebook Newbie? Read This First
While most of us involved with this blog are old hands at implementing security, sometimes it’s hard for others to process the do’s and don’ts.
Michelle Green contributed one of the best Facebook Newbie Guides to I’ve Been Mugged, one of the top identity theft blogs, run by George Jenkins. Two of her key tips are here:
- Be careful of stuff sent to you, even by people you respect (their Facebook account may have been hacked). The Koobface virus, the crush me virus, and marketing things like the free $500 Whole Foods card scam come to mind. A tech-savvy friend fell for the Whole Foods card scam, and the program sent info requests pushing the same deal to all his friends under his name.
- If someone can hack (or guess) your password just from looking at your profile (see note about sending messages, above), bad guys may hijack your Facebook account, block key people (e.g., spouse, kids), and then send friends desperate messages without your knowledge (“help I’ve been mugged overseas, send money!”). Things like this have led me to construct my longest online password for use on Facebook; one I don’t use anywhere else.
Analysis: Michelle nailed it
My top five Facebook recommendations echo two of Michelle’s. Her blog post covers some tips that even experienced FB’ers could use.
- In Securing Our eCity the core curriculum discusses proper password discipline as the number one thing that all online users can do today to make themselves a harder target. Historically, 60% to 80% of data breaches are preventable and password discipline is the number one issue. Here’s another way to look at it: if my baby-boomer ‘60s Berkeley grad mom now has a 25+ character router password and multiple passwords for her online identities, everyone can do it.
- Clicking before you think is how phishers make their money. It’s called Social Engineering, and it’s another fancy way to say SCAM. Think before you follow that link or you’ll soon be posting a cautionary tale to all your friends.
- Limit or eliminate access on Facebook to games and other plugins. Those fun casual Facebook games (farming, mob wars) and plugins (pass a drink or flower) have access rights to your entire profile and your friends. For what it’s worth, I just don’t use plugins where my complete identity is stored, no matter how compelling the games may be. FYI, since Firefox already has a Facebook game data blocking plugin, most of your friends may already be blocking “how much your farm needs fertilizer” updates from your profile.
- Try using Facebook on non-OS platforms – XBox 360, your iPhone, iPad or Blackberry. Although this may be thought of as security through obscurity, quite frankly the XBox Live / XBox 360 component I’ve used is pretty well locked down. Downside: while it virtually guarantees a phish-free experience, forget browsing external web content. Upside: Displaying FB pictures of your friends on your wall-mounted LCD big screen makes for a pretty cool slideshow.
- If you must play Facebook games, try doing it with a separate ‘game profile’. That way, if your personal data gets compromised, your friends are not at as much risk. Add a [game] text to your new profile so your friends are instantly warned. Old school gamers used to put their clan affiliation in their names. My example would be to change my profile to Name [gamer] Surname.
Facebook Improving Online Safety
Of interest may be the advisory board for Facebook:
- Facebook is setting up a new advisory board to improve user safety on its social networking site, it said on Sunday. Online safety organizations Common Sense Media, ConnectSafely, WiredSafety, Childnet International and The Family Online Safety Institute have all joined the Safety Advisory Board, according to Facebook.
- Safety issues for Facebook users include cyberbullying and phishing. One of the board's first projects will be to revamp the security section on Facebook's help site.
Do you have any tips which might help Facebook users in these trying times?
Securing Our eCity Contributing Writer
Author ESET Research, ESET