How to Save Face: 6 Tips for Safer Facebooking

1. Know what you’re getting into
Facebook is a business. It exists to take your online activity and turn it into revenue. Facebook will always be free. But there is a cost. You’re paying by being exposed to advertising and allowing limited disclosure of your online activity.

How limited? You could sit down for a while and read Facebook’s Privacy Policy. But you’ll probably need a few hours and some black coffee.

So here’s a short version: basically everything you post, every person you friend, every group you join will be made public to your “friends”, “friends of your friends” or “everyone”—depending on your privacy settings.

To you this may be simple. You assume that everything you’ve posted could be available to the whole world. Others are still learning. People have lost their jobs as a result of things they’ve posted on Facebook. And when this happens, the newly unemployed person will usually claim that s/he thought that the post was private.

So joining a social network is a leap of faith. On a social network, not only do you have to trust the site to follow its privacy policy, but you also have to trust your friends. Will they reveal your secrets? Will they pass on bad information and scams to you?

And, more importantly, you have to trust yourself to share the right things.

On Facebook, you are exposing your private life in ways you may not even realize. 79% of companies review an applicant’s online information (which is completely illegal in Finland but acceptable in most of the world). Your financial future could depend on how well your profile and your photos and friends list represent you. So think before you post—always.

2. Secure your PC
What does 500,000,000 people on one website look like? To cybercriminals, it looks like a gigantic, unsecured goldmine.

Online gangs and scammers are working twenty-four hours a day to exploit the trust we have for our online friends. Updated Internet security is a must before you use Facebook or any social site. In addition, you have to make certain that your PC is updated with the most recent application system software, which can be time-consuming. F-Secure’s free Health Check makes that easy.

3. Use a unique, strong password
‘Password’ is not a good password. Neither is ‘123456’ or your pet’s name or your name any information that is available publicly on your Facebook profile.

Creating a strong, complex password that you can remember is the key to keeping strangers out of your account. Here’s a simple password system we recommend. You should also use different passwords for your all of your various accounts, especially your email accounts, to keep one hack from becoming a total nightmare.

For extra protection, never let browser remember your password, and lock your PC when you step away from it—especially if you’re living with young children and/or parents and/or anyone, really.

4. Filter your friends
Facebook works overtime to connect you with as many people possible. When you first join, the site combs through your email account to suggest as many people as possible. Then as you use the site it will suggest more email contacts. Email someone new and Facebook will suggest that you become friends.

Run out of contacts, you’ll see friends of friends, brands you might like, your ex.

It’s a strange social dynamic. When see the person’s picture, it feels like this person wants to be your friend. But who knows? All you can be sure of is that Facebook wants you to be friends.

So ask yourself this: Does everyone you email need to be your Facebook friend?

Some people have found that their best friends in the real world make lousy Facebook friends. There are a lot of people who can find you who may not like reconnecting with. According to a recent survey, 70% of Facebook users avoided becoming friends with their bosses.

Maybe you want to limit Facebook to your friends and family and leave professional connections to Twitter and LinkedIn. There’s no perfect formula, but it’s important to have some filter, some limit on what you share with whom. How do you say no when someone you don’t want to offend makes a friend request? Facebook makes this easy. You can just ‘ignore’ the request. That’s a nice way to frame it!

Want to stop Facebook from combing through your email contacts? You can remove your contacts by clicking here. But if you’re using a Facebook app on your phone, first you’ll have to disable the Facebook synchronization feature on your phone.

Want to stop Facebook from suggesting you as a friend to others? Go to “Privacy Settings” click on “Settings” for “Basic Directory Information”.  When you get there, set “Search for me on Facebook” to “Friends Only”.

Always remember this: If anyone solicits you directly about money, assume it’s a scam. Ignore and defriend that profile immediately. An easy way to defriend someone is to go to their profile and scroll down the left column until you find “Remove from Friends”.

5. Click carefully
The biggest dangers on Facebook are the links that appear on your wall. With one bad click, you could end up on a site that attempts to serve you malware or scam you using phishing tactics. One, bad ‘like’ and you could end up spamming all of your friends. That’s why you have to remember that links are not your friends.

The most popular Facebook scams involve gift cards and hilarious videos and diet advice. So far most attacks on the site have been more annoying than harmful. But without vigilance, you can be sure that vicious scams and malware are heading your way.

The best antidote to bad links is Internet security with browsing protection. You can double-check any link before you click it by copying it (right-click on it in Windows) and pasting it into F-Secure’s free Browsing Protection.

Prevention is your best cure. Realize the more sensational or strange or generic a link is, the more likely it is to be malicious. Again, links are not your friends. Apply the same caution you’ve learned to use when you’re checking email to checking Facebook. And just because your friend or family linked something, doesn’t mean you have to click on it.

6. Don’t rely on Facebook to protect your privacy
The whole point of Facebook is to “connect and share with the people in your life.” But there’s a point, for nearly everyone, where all the connecting and sharing can be too much—especially as your information becomes increasingly available to people who aren’t necessarily “in your life.”

So whenever you use Facebook, you have to ask yourself two things: Who do I want to see what I’m doing? And how would I feel if the whole world saw this?

There’s no technical tool to stop your friends from sharing your information. But Facebook does offer you the tools to control who sees your activity. That’s why you need to get to know your privacy settings.

Start at “Account”> “Privacy Settings”. Then click on “Settings” for “Basic Directory Information” . This is where you decide who can find you and what they’ll see when they do.

You get to decide.  How easy do you want to make it to find you on Facebook? Which is more important to you: privacy or connection.

If you’re more interested in connection, select “Everyone” for the top three settings “Search for me on Facebook”, “Send me a friend request” and “Send me a message”. Then consider making all the other settings “Friends Only”. This will encourage people to become your friend, and it gives you more power over your information.

Next you can click back to “Privacy Settings” and set how you share on Facebook.

You can go with the preset options or customize each category individually.

Your safest bet is “Friends Only.” You may want to want to open your activity to “Friends of Friends”; however, there is certain information that you should not make available to “Everyone”. This includes your birthday, your email address and IM, your phone number and address, political and religious beliefs and your family and relationships.

Why? All of this information may be public somewhere else, like a phone book, but you’re simply making too much identifiable information public in one easily accessible place. There may not be enough there for true identity theft, but you are giving a stranger enough information to pose as you online convincingly, which could be a problem if some potential employer or date is checking out your online presence.

You may also want to uncheck the box that says “Let friends of people tagged in my photos and posts see them.” This way you won’t unintentionally draw attention to an image one of your friends may not want others to see.

If you’re very interested in your privacy, you should continue and edit your Application and Website Settings.

Here you should do two things. 1) Remove any applications you aren’t using.  2) Click on “Turn off all platform applications”. Then you can select which applications you don’t ever want to show up on your wall ever again. That’s right. You can say goodbye to FarmVille forever, if you want to.

You can also turn off all platform applications, which will keep your friends from automatically sharing your information with the applications they’re using. Not a bad idea.

Next you can click on “Game and application activity”. Click “Customize” and select “Only Me” to keep all of your Game and application activity to yourself, which is a good idea if you’re friends with people (read: co-workers) who may judge how you spend your time.

After that, take a look at “Info accessible through your friends”.  Here you’ll see all the information that is available to the applications your friends decide to use. That’s right, your friends share all this information automatically with the applications they use.

Once you see that screen, you may want to go back to “Turn off all platform applications”. Why not turn it off until you have a good reason to turn it on?

Now we’re at “Instant Personalization”, which is controversial because Facebook opted all of its users into it. Of course, it warned everyone through an update to its Privacy Policy, but you probably didn’t take the time or coffee needed to figure that out.

So what does Instant Personalization do? It shares your information with three Facebook partner sites: Docs, Yelp and Pandora. Could more partners be added? Yes. Could you just opt out of one or two? Yes. Just click on Docs, Yelp or Pandora and then click on “Block Application.”

Again, unless you know you want to share information with these sites, it’s a good idea to opt out for now.

If you made it this far, you will be rewarded. We are now at, perhaps, the most important Facebook privacy setting: “Public Search”.

You probably heard how recently the information of over 100 million Facebook users was made available for download. All of that information was public before a security researcher took it and turned it into one downloadable file. Those 100 million Facebook users probably had enabled public search.

This is where get to decide if the whole world can find your Facebook profile and information. With one click, your profile could become the top result of a Google search for your name. If you want to avoid disclosure of your information to the world, you may want to start by limiting who can search for you. I recommend that you do not click the box to “Enable public search”.

So those are the tools Facebook gives you to protect your information. They’re complex, and that’s probably on purpose. Facebook is not shy about encouraging it’s users to share and share and share. That’s why you have to remember that Facebook (and your friends) can’t share anything you don’t post to the site.

So be careful not to post anything that can be used against you. This includes travel plans and itineraries,  complaints about bosses, co-workers and customers, company secrets, threats… Has anyone actually had a home robbed after posting plans on Facebook? Yes, indeed.

There are a million things you shouldn’t post. And you are the only person who can decide what you SHOULD share with Facebook and the world. So choose wisely.

Bonus tip: Use Facebook’s one true security feature
Facebook’s one true security feature is simple but powerful. Facebook will inform you anytime any new device accesses your account. That means if some PC or smartphone you’ve never used before logs into your account, Facebook will email you.

To turn this feature on, go to “Account Settings”. Then select “Account Security”.

Just click “Yes ” and then “Submit”.

Now, what do you do if you find out that someone beside you accessed your account? Change your password immediately. On the “Account Settings” page find “Password” and click “change”.

OK. That’s all I know about making Facebook safer a place for you and your friends. For ongoing tips you can follow F-Secure on Facebook. Do you have any tips to add?

More posts from this topic

15855489588_6c209780a9_b

How “the Cloud” Keeps you Safe

“The cloud” is a big thing nowadays. It’s not exactly a new concept, but tech companies are relying on it more and more. Many online services that people enjoy use the cloud to one extent or another, and this includes security software. Cloud computing offers unique security benefits, and F-Secure recently updated F-Secure SAFE to take better advantage of F-Secure’s Security Cloud. It combines cloud-based scanning with F-Secure’s award-winning device-based security technology, giving you a more comprehensive form of protection. Using the cloud to supplement device-based scanning provides immediate, up-to-date information about threats. Device-based scanning, which is the traditional way of identifying malware, examines files against a database saved on the device to determine whether or not a file is malicious. This is a backbone of online protection, so it’s a vital part of F-Secure SAFE. Cloud-based scanning enhances this functionality by checking files against malware information in both the local database found on devices, and a centralized database saved in the cloud. When a new threat is detected by anyone connected to the cloud, it is immediately identified and becomes "known" within the cloud. This ensures that new threats are identified quickly and everyone has immediate access to the information, eliminating the need to update the database on devices when a new threat is discovered. Plus, cloud-based scanning makes actual apps easier to run. This is particularly important on mobile devices, as heavy anti-virus solutions can drain the battery life and other resources of devices. F-Secure SAFE’s Android app has now been updated with an “Ultralight” anti-virus engine. It uses the cloud to take the workload from the devices, and is optimized to scan apps and files with a greater degree of efficiency. Relying on the cloud gives you more battery life, and keeps you safer. The latest F-Secure SAFE update also brings Network Checker to Windows PC users. Network Checker is a device-based version of F-Secure’s popular Router Checker tool. It checks the Internet configuration your computer uses to connect to the Internet. Checking your configuration, as opposed to just your device, helps protect you from attacks that target home network appliances like routers – a threat not detected by traditional anti-virus products. So the cloud is offering people much more than just extra storage space. You can click here to try F-Secure SAFE for a free 30-day trial if you’re interested in learning how F-Secure is using the cloud to help keep people safe. [Image by Perspecsys Photos | Flickr]

June 30, 2015
BY 
Mikko Hypponen What Twitter knows

Your favorite breakfast cereal and other things Twitter knows about you

At Re:publica 2015, our Chief Research Officer Mikko Hypponen told the main stage crowd that the world's top scientists are now focused on the delivery of ads. "I think this is sad," he said. [youtube https://www.youtube.com/watch?v=pbF0sVdOjRw?rel=0&start=762&end=&autoplay=0] To give the audience a sense of how much Twitter knows about its users, he showed them the remarkable targeting the microblogging service offers its advertisers. If you use the site, you may be served promoted tweets based on the following: 1. What breakfast cereal you eat. 2. The alcohol you drink. 3. Your income. 4. If you suffer from allergies. 5. If you're expecting a child. And that's just the beginning. You can be targeted based not only on your recent device purchases but things you may be in the market for, like a new house or a new car. You can see all the targeting offered by logging into your Twitter, going to the top right corner of the interface, clicking on your icon and selecting "Twitter Ads". Can Twitter learn all this just based on your tweets and which accounts follow? No, Mikko said. "They buy this information from real world shops, from credit card companies, and from frequent buyer clubs." Twitter then connects this information to you based on... your phone number. And you've agreed to have this happen to you because you read and memorized the nearly 7,000 words in its Terms and Conditions. Because everyone reads the terms and conditions. Full disclosure: We do occasionally promote tweets on Twitter to promote or digital freedom message and tools like Freedome that block ad trackers. It's an effective tool and we find the irony rich. Part of our mission is to make it clear that there's no such thing as "free" on the internet. If you aren't paying a price, you are the product. Aral Balkan compares social networks to a creepy uncle" that pays the bills by listening to as many of your conversations as they can then selling what they've heard to its actual customers. And with the world's top minds dedicated to monetizing your attention, we just think you should be as aware of advertisers as they are as of you. Most of the top URLs in the world are actually trackers that you never access directly. To get a sense of what advertisers learn every time you click check out our new Privacy Checker. Cheers, Jason

May 15, 2015
BY 
WhatsApp Scams

WhatsApp Scams: 3 Things you Need to Know

F-Secure Labs reported this week on a new WhatsApp scam that’s successfully spammed over 22,000 people. Spam seems to be as old as the Internet itself, and is both a proven nuisance AND a lucrative source of revenue for spammers. Most people don’t see what goes on behind the scenes, but spammers often employ very sophisticated schemes that can expose web surfers to more than just ads for Viagara or other “magic beans”. Spam typically tries to drive Internet traffic by tricking people into clicking certain websites, where scammers can bombard unsuspecting web surfers with various types of advertising. Profit motives are what keep spammers working hard to circumvent spam blocks, white lists, and other protective measures that people use to try and fight back – and it can pay off. Numerous spammers have been indicted and suspected of generating hundreds of thousands of dollars in revenue from their spam campaigns, with one study projecting that spammers could generate in excess of 3.5 million dollars annually. While most spam circulates via e-mail, the popularity of services like WhatsApp is giving spammers new resources to exploit people, and new ways to make money. Here’s a few ways spammers and cyber criminals are using WhatsApp to make money off users: Following Malicious Links: One way that cyber criminals use WhatsApp to scam people is to trick them into following malicious links. For example, a recent scam sent SMS messages to WhatsApp users telling them to follow a link to update the app. But the message was not from WhatsApp, and the link didn’t provide them with any kind of update. It signed them up for an additional service, and added a hefty surcharge to victims' phone bills. Sending Premium Rate Messages: Premium rate SMS sending malware was recently determined by F-Secure Labs to be the fastest growing mobile malware threat, and WhatsApp gives cyber criminals a new way to engage in this malicious behavior. Basically the users receive a message that asks them to send a response – “I’m writing to you from WhatsApp, let me know here if you are getting my messages”, “Get in touch with me about the second job interview”, and various sexual themed messages have all been documented. Responding to these messages automatically redirects your message through a premium rate service. Spanish police claim that one gang they arrested made over 5 million euros using this scheme – leaving everyday mobile phone users to foot the bill. Manipulating Web Traffic: A lot of spam tries to direct web traffic to make money off advertising. As you might imagine, this means they have to get massive numbers of people to look at the ads they’re using for their scams. Scammers use WhatsApp to do this by using the app to spread malware or social engineer large numbers of people to visit a website under false pretenses. F-Secure Labs found that people were being directed to a website for information on where they could get a free tablet. In March there was a global spam campaign claiming people could test the new WhatsApp calling feature. Both cases were textbook scams, and instead of getting new tablets or services, the victims simply wasted their time spreading misleading spam messages and/or exposing themselves to ads. WhatsApp and other services are great for people, but like any new software, requires a bit of understanding to know how to use. Hopefully these points give WhatsApp users a heads up on how they can avoid spam and other digital threats, so they can enjoy using WhatsApp to chat with their friends. [ Image by Julian S. | Flickr ]

May 8, 2015
BY