Cleaning up after facebook

We have had a flurry of customers, friends and family members ask for help recovering from facebook scams recently, and there seems to be no end in sight.

The typical chain of events is that a facebook user decides to view a video or picture that they notice “advertised” in their feed or on another friend’s wall.  In order to see the video or picture, the user has to click the like button and follow a series of steps.  Chances are, the scammers running the scheme are interested in one of several things: your facebook credentials, inspiring you to download a virus disguised as a movie player or other software, or encouraging you to visit a website that places malicious programs on your computer.

When the scam leads to a virus or malware being installed on your computer without your knowledge, the group quite possibly has control of your computer and perhaps the ability to see and collect passwords and secure information used to log in to bank accounts, email, workplace applications and yes, even facebook.

How do you tell if a popular video or picture is a scam?

Here’s a recent scam, and some tips.

Babysitter Goes to Jail After She Uploads This HORRIBLE Baby Photo Online

A screenshot after clicking the link to the facebook page

A couple things tipped me off right away.  First, in the lightly shaded box that contains a sampling of people who like the picture, you can’t click on 2,325 people to view their names.  You also can’t click on the individuals listed in the shaded box.  I clicked on the Wall tab to compare numbers of fans.  When I first started writing and researching this piece on Sunday evening, there were over 200,000 fans.

Screenshot from wall view

As of Monday evening, there were only 73 fans.  That’s good!  200,000 people realized this was a scam and unliked it.  You can also see the Report Page link is circled.  You can always click that link to report a page for spam, inappropriate material, etc.

Here’s another feature of the page that made me think this page was bad news:

I couldn’t click on Andrew Martin Tomlinson to view his profile.  When I used the facebook search box to find him, here’s the profile I found:

When you change your profile picture on facebook, it follows you everywhere until you change it again.  Because the search results only found one Andrew Martin Tomlinson, they should have shown the same profile picture in both locations.  Because the text in that lightly shaded box wasn’t clickable, it was likely a screenshot.

Odd grammar and misspellings, too-good-to-be-true promises of goods or coupons, or a requirement that you complete certain steps before viewing can also be signs of a facebook spam page.

Don’t feel bad if you have fallen prey to such a scheme – the strategies for persuading people to follow through with the instructions are becoming more and more believable, and some users are reporting that the like button is actually being hidden under other text causing accidental clicks.

What should you do if you have made this mistake?  First, delete the link from your page.  This will stop other friends from making the same mistake you made.  Also, if another friend begins sending weird video and photo links to your wall, delete those as well and notify the friend.  And, change your facebook password.  Many business sector security policies require users to change passwords for email and computer login every 45 days, and that is not a bad idea for social networking accounts like facebook.

Additionally, on your own profile under your account settings, click on the application link to see what applications are currently running and showing in your facebook profile.  All of these applications can access some of your facebook information, and sometimes your friends’.  If you don’t use an application or don’t know what it is, delete it.

And, if you believe your computer was compromised, run an antivirus/malware scan immediately.

You can also visit the facebook security page to learn more about what happens if your account is hijacked, and what type of schemes invite trouble for facebook users.


The Annoyance of Encrypted Searches

A month ago, Google rolled out its encrypted search option, which allows users exploring through https://www.google.com to seemingly search in stealth mode.

For public library and internet cafe users, bored private sector employees, and non-American Googlers, this news was heralded with great excitement and a flurry of key presses; nobody can see what we are Googling anymore!  (To be fair, I must also mention that Firefox rolled out an extension last week called HTTPS Everywhere that encrypts data between users and sites whenever possible, but I haven’t had a chance to read more on the release.)

For many other users and network administrators, encrypted searches are a minor annoyance.

For example, our K-12 Education clients that rely on federal E-rate funding for bandwidth and internet related hardware must comply with the Children’s Internet Protection Act (CIPA).  Adherence to CIPA policies requires that schools design and implement a policy that monitors the online activity of minors.  Allowing students to use encrypted searches, whether through Google or elsewhere, violates CIPA and a school’s qualifications for E-rate funding.  Google is aware of the issue, and recently changed the URL of their encrypted search to https://encrypted.google.com.  Schools looking to block access to Google’s encrypted search engine should be able to do so within their URL filters or by blocking access to the above hostname.
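As an added illustration (not part of the original post), the sketch below shows why the block has to be made on the hostname: for an HTTPS tunnel a proxy or filter sees only host:port, never the search terms. It assumes the filter's logs follow Squid's native access.log layout; the sample lines, client addresses and the second HTTPS host are constructed.

```python
from urllib.parse import urlsplit

# Hostname the post says schools can block; its subdomains are matched too.
BLOCKED_HOSTS = {"encrypted.google.com"}

# Constructed sample lines in Squid's native access.log layout (not real traffic).
SAMPLE_LOG = """\
1277000001.101    210 10.1.4.21 TCP_MISS/200 5120 GET http://www.google.com/search?q=volcano+facts - DIRECT/192.0.2.10 text/html
1277000002.202   9050 10.1.4.22 TCP_MISS/200 48211 CONNECT encrypted.google.com:443 - DIRECT/192.0.2.11 -
1277000003.303   1200 10.1.4.23 TCP_MISS/200 9033 CONNECT mail.example.org:443 - DIRECT/192.0.2.12 -
# truncated record
"""

def host_of(method, target):
    """Return the lowercase hostname the filter can see for this request."""
    if method == "CONNECT":  # HTTPS tunnel: the target is just host:port
        return target.rsplit(":", 1)[0].lower()
    return (urlsplit(target).hostname or "").lower()

def is_blocked(host, blocked=BLOCKED_HOSTS):
    """Exact match or subdomain of a blocked name; never a substring match."""
    host = host.rstrip(".")
    return any(host == b or host.endswith("." + b) for b in blocked)

def review(log_text):
    """Return one record per parsable line: what was visible and the decision."""
    results = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # skip malformed or truncated records
        client, method, target = fields[2], fields[5], fields[6]
        host = host_of(method, target)
        # The query string exists in the log only for plain-HTTP requests.
        query = None if method == "CONNECT" else urlsplit(target).query
        results.append({
            "client": client,
            "host": host,
            "query": query,
            "action": "DENY" if is_blocked(host) else "ALLOW",
        })
    return results

if __name__ == "__main__":
    for record in review(SAMPLE_LOG):
        print(record)
```

The plain-HTTP search keeps its keywords in the log and stays monitorable, while the tunnel to the encrypted hostname exposes no query and is the only request denied.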

Earlier I said that nobody could see what you were Googling when you used the encrypted search, but that isn’t exactly true.  Google still tracks and compiles that data, but webmasters and others that rely on analytics and search engine data to judge the effectiveness of their sites, products and marketing campaigns will no longer see what keywords led viewers to a specific webpage when using an encrypted search.  For many of our web hosting clients, this is dismal news.  Small and medium-sized businesses typically depend on their website as the hub of their marketing presence.  If consumers are led to a site through an encrypted search, businesses will see the same statistics as if the consumer had simply typed the address in the browser without using Google’s encrypted search.

Many businesses will also find that encrypted searches are not allowed in their company Internet access/privacy policy.  We typically recommend that a privacy policy read something like this:

NO EXPECTATION OF PRIVACY - Employees are given computers and Internet access to assist them in the performance of their jobs. Employees should have no expectation of privacy in anything they create, store, send or receive using the company’s computer equipment. The computer network is the property of the Company and may be used only for Company purposes.

WAIVER OF PRIVACY RIGHTS - User expressly waives any right of privacy in anything they create, store, send or receive using the company’s computer equipment or Internet access. User consents to allow company personnel access to and review of all materials created, stored, sent or received by User through any Company network or Internet connection.

MONITORING OF COMPUTER AND INTERNET USAGE - The Company has the right to monitor and log any and all aspects of its Computer system including, but not limited to, monitoring Internet sites visited by Users, monitoring chat and newsgroups, monitoring file downloads, and all communications sent and received by users. Failure to monitor in specific situations is not a waiver of the Company’s right to monitor.

BLOCKING SITES WITH INAPPROPRIATE CONTENT - The Company has the right to utilize software that makes it possible to identify and block access to Internet sites containing sexually explicit or other material deemed inappropriate in the workplace.

If Google’s encrypted search remains an optional tool, it will remain just a minor annoyance for IT staff.  But, if Google favors the encrypted search for its sole search engine, schools, webmasters and businesses may be Googling for a new search engine.
