Facebook’s Expanded Sharing Makes Security Even More Critical

If you're a dedicated follower of Facebook, last week was a bit of a roller coaster. On Monday, Emil Protalinski at ZDNet reminded you that the stories appearing on Facebook about Lady Gaga being found dead in a hotel room are a “likejacking” scam. Then on Tuesday it was reported that Facebook has "introduced a number of new security features," as summarized by Chloe Albanesius in PC World. However, these changes seem to be less about making it harder to run such scams and more about making the "who-sees-what" privacy settings more accessible and granular. You probably feel the latter is a good thing but it hardly amounts to the headline you wanted to see: "Facebook scammers stopped cold."

Facebook QuoteThen on Thursday you learned that much more of your life will be shareable on Facebook, including what you do with Facebook apps and what you were doing before Facebook itself existed (reported here in the LA Times and quickly deplored here on Slate).

All of which was bad timing from where I was standing last week, deep in research about the lengths to which organized crime is going to abuse every piece of information it can get its hands on in every last corner of cyberspace. From spear phishing their way into military and defense contractor systems (like Mitsubishi Heavy Industries)  to selling fake anti-virus products, the bad guys are on a tear right now, undoubtedly encouraged by the low probability of detection, identification, prosecution, or serious punishment.

No wonder that the latest ESET/Harris Interactive poll of more than 2,200 online adults in the U.S. found that 91 percent of them said they feel vulnerable to some type of cyberattack (see report in Dark Reading). Someone in the office joked that the other 9 percent were Mac users but, as Dan Clark reported here on Friday, not even Mac users are immune to attack given that a PDF Trojan appeared last week targeting OS X.

So what do we conclude from a whipsaw week like that? On the one hand you have Facebook adding security, while on the other it is increasing the potential for people to expose even more of their personal data to potential abusers of that data, abusers who are increasingly well-funded and inventive. Ask me how likely I am to use Facebook in the days ahead and I'd say my answer lies in a magazine article, written by Benjamin Wallace and appearing in the October issue of WIRED magazine (should be available here in a few days).

Wallace tells the story of Sam Jain and Daniel Sundin, a couple of guys who made hundreds of millions of dollars selling fake anti-virus software. They are now wanted by the authorities but their whereabouts are unknown and I'm betting they're living quite comfortably, thanks to their very considerable ill-gotten gains. Now think about this: For every Jain or Sundin there are hundreds of scumbags as yet unidentified, unindicted, and unlikely to stop trying to scam people through email, on web sites, across social networks, and in every other corner of cyberspace.

In the days to come you will hear more from me and my fellow ESET bloggers about the security implications of the new Facebook features as they are rolled out and their implications become clearer, but let's just say that right now I'm not feeling very sociable, unless it's in person, face-to-face with people I know and trust.

Author Stephen Cobb, ESET

  • Linda Guilfoyle

    So, do you have advice on how to make ourselves more secure while on fb, other than to drop out of it?

    • Stephen Cobb

      Great question Linda, and a tough one to answer. Part of the challenge is that the Facebook software changes quite often, so the illustrated guide to Facebook privacy settings that we posted in May looks quite different from what I see under Privacy Settings in Facebook today, four short months later.

      I strongly recommend that you look at your current settings and see what you are currently sharing and with whom. If you are not comfortable with those settings it is relatively easy to reduce the extent of sharing, for example, you might decided to go from “Friends of Friends” down to “Friends” for some things.

      Regardless of privacy settings, every Facebook user needs to think twice before posting. Unless Facebook achieves the impossible and creates a completely foolproof security shield around its content there is always a possibility that people other than your intended audience will see what you share. I always approach email this way and ask myself “What if my mother should see this?” before I hit Send. Very few people enjoy the freedom to live their life without caring what others think. For example, even if you enjoy the job you have today and don’t plan on looking for another one, that day may come and when it does there’s a good chance a prospective employer will check out your social media profile. Can you predict whether or not they will share the views you have expressed on Facebook or like the person you appear to be?

Follow us

Copyright © 2017 ESET, All Rights Reserved.