In September, Facebook reported that accounts of 50 million members had been hacked. Many suspected criminals or a hostile state, but it turns out that spammers committed the attack. This development suggests a new front in the battle for social network security: threats that come not only from rogue nations and criminals but, now, from unscrupulous advertisers.
Facebook has taken some steps to fix vulnerabilities, though historically, countermeasures on the interface side proceed more slowly than violations. Technical tips for how to change passwords, permissions, and login authentication have come online to help users protect themselves from future intrusions.
There are some additional steps you can take to improve your account security. You should consider changing what you post and how you respond to individuals in your network. Advanced spamming software can interpret both the content and sentiment of comments. What you post, how you write, and what you “like” factor significantly into the online profiles spammers accumulate. Consider taking the following steps.
Ignore Data Miners Masquerading as Posts
A friend once tagged me on a 25-question “anonymous” survey. It contained personal questions mixed in with others about a soft drink. I believe my friend found this survey appealing because it asked friendly questions most people like to answer (questions about themselves), and buried the soda questions in such a way as to obfuscate its true objective: to gather information for a large soft drink company. Avoid surveys and polls, particularly if questionnaires lack explicit information as to originators and purpose.
Manage Photo Tagging
It is very difficult to prevent having your comments and photos tagged by another friend. Facebook, for example, does not allow members to prevent others from tagging them. Fixing things requires direct communication with the friend or family member who implemented the tag. If the friend rarely logs on, you will wait a long time for resolution. Friends may also ignore or decline your request, setting up an awkward correspondence.
You cannot control the behavior of others in your network, but you can control your own profile. Post a high-quality photo of yourself, one that depicts you in a positive way. Write a brief description in your bio that reflects something you want people to know about you. That way there will be on record an authentic “anchor” profile of you.
Ignore tear-jerker and guilt-tripping posts that say, “I bet not 1 person will repost this (insert sad story about dog with sleep apnea).” These posts are developed to aggregate “likes” so that spammers can surreptitiously trace your activity on the network. By responding you make yourself their target.
Choose Friends Wisely
Consider carefully whom you choose to friend. Only accept friend requests from people you know in real life, or those about whom an associate can speak highly. Don’t mistake online friends for real-life friends. Hackers steal profiles of friends in your network. Verify repeat friend requests with a phone call.
Delete Friends Who Violate Your Wishes
It has been said that you are known by the company you keep. If a friend repeatedly does something that violates your own ethics and/or activity online, delete them from your network. Online you are concerned about your profile, and you don’t want to be connected to bad actors, no matter how close they may be. Neither should you post or address your concerns about the troublemaker online. If you care about the offender, find an off-line means to reach out.
I advise against any and all in-network (Facebook) apps. Most (particularly games) are little more than data funnels. You do not know where the information ends up, nor do you know how well the app creators protect it from intrusions. If social network apps are important to you, examine each one to see which third-party applications may have access to your personal information. Delete the old and unused apps.
If you want to take an extra step, do not download and use special apps on your phone to allow connectivity to social networks. Use the phone-provided browser, and, if possible, block cookies. An app has more powerful features than a browser, giving malicious developers and hackers deep access to the personal and possibly financial information stored on your phone. The first (and last) time I installed such an app it siphoned my contacts and spammed each and every person on the list. Had they kidnapped a few contacts instead of stealing the information – that would have been OK.
Do Not Use Your Social Media Account/Password to Log On To Other Services
Do not use your social media account to access other applications or complete financial transactions. Evidently, the Facebook hackers accessed data through a glitch in the “View As” tab, aggregating the activity histories and locations of users. An estimated 14 million users may have had this more extensive personal information stolen. Use distinct passwords for all sites and applications, and change them on a routine schedule.
The American abolitionist Wendell Phillips once declared, “Eternal vigilance is the price of liberty.” The same is true for social media. The vigilance detailed here will help you avoid some pitfalls and give you greater peace of mind while online.