Before I get into Facebook and its current issues, I’d like to pass along a portion of an email I received today from KnowBe4. KnowBe4 is the company I use at work to help test and train our users in email security. If you’d like to read more about them, click here.
I receive a “Scam Of The Week” email from KnowBe4 every week. Today’s was very relevant, at least to me. The headline is “Fiendishly Clever Gmail Phishing You Need To Know About”. If you’re not sure what a “phish” email is, to sum it up, it’s any email that impersonates someone else. A good example that I bet a lot of folks have received is one from FedEx claiming that they need you to click on an attachment or follow a link because they couldn’t deliver a package. The attachment or link is nothing but a malware-laden delivery tool. Either will infect your PC, leaving you open to become a victim of a crypto tool (something that encrypts all the files on your PC, then the bad guys make you pay money, usually in bitcoin, to unlock your files. Most of the time they take your money and never decrypt your stuff). Or your PC becomes a “bot” under the control of the same bad guys, causing it to do malicious acts without your knowledge.
Here is the quote from today’s scam:
“There is a new scam where hackers send you a text that asks you about a password reset on your Gmail account, and if you did not, text STOP. This is a scam. The bad guys asked for that password reset and now want you to send them the authorization code! Don’t fall for it.
Remember that Gmail or any other web email service will never ask if you *don’t* want to do something with your account. You didn’t ask for a password reset, so you shouldn’t be asked about one.
Do not reply to the text (doing so will tell the scammers that they have reached a valid number). And to prevent losing your account to bad guys, it’s a very good idea to have 2-step verification set up on your Google account.”
So what about Facebook? If you used an app called “My Digital Life”, you have not only allowed your information on Facebook to be shared, but you have also allowed a limited part of the data of anyone in your contact list to be shared. Again, without your knowledge.
This breach is so bad that Facebook founder Mark Zuckerberg is testifying in front of Congress as I type this. The impact of this event is that 87+ million people have had their information shared.
I cannot stress enough how important it is to NOT USE ANY FACEBOOK APPS; this includes games. I would also strongly recommend that you DO NOT do any of the “surveys”, like What Animal Am I, or the ones that give you a list of months and days to make up a name of some kind. Just think about what you just did if you responded to one of those. In the case of the ones that tell you to post your answer and you do, you just publicly posted your birth date. So anyone watching these posts (and believe me, they do track this stuff) now not only knows your name but your birthday too. It would only take one or two more little pieces of information and next thing you know your identity has been compromised. It’s scary.
And as you can see at the bottom of this post, I use both Twitter and Facebook. I’m not saying you shouldn’t enjoy them. Just be careful, please.
So, a few tips to make things a bit safer:
- Do not click on any attachments or links in any email where you don’t know the sender or if there is no reason that they would be sending you an email of this type. Going back to my FedEx example above, the email claimed the attachment was a shipping label you needed to open and print. So look at the reasoning. They can’t deliver a package to your location. So why do you need to print a shipping label? That would be the responsibility of the shipper, not the recipient.
- Be suspicious of emails coming from known sources. It is very easy to spoof an email address. Just because a family member or a friend sends an email with an attachment or a link doesn’t mean it’s legit. Ask yourself “Self! Why would so and so be sending me an Excel spreadsheet?” Be wary my friends.
- When on any social media (Facebook, Twitter, LinkedIn, etc.) be very careful of the information you post. The bad guys are monitoring all those sources very closely and will not hesitate to scrape any data they can get their grubby little paws on.
- And make sure you have a good anti-virus and anti-malware program installed. And keep it updated. AND scan your PC on a regular basis.
- Finally, NEVER, NEVER, EVER post information such as your phone number, your email address, or your home/work addresses on a public forum such as Facebook. You’re just inviting someone to steal your identity.
These exploits are not limited to Windows PCs (although since Windows has the biggest share of users in the world they get targeted the most). There are exploits for Mac/Apple (including iPhones/iPads/iPods), Android, Linux, you name it. Someone has written an exploit for that operating system.
If you have any questions about PC security, please leave a comment!
So let’s be careful and happy internetting! (Yeah I made that word up)
EDIT: This link came across my Twitter this morning. It will give you a tool to see if your data was “shared” in the Cambridge Analytica breach. Click here for the link (you do need to be logged into your Facebook account for it to work).