Case in point: in September, Facebook revealed that over 30 million user profiles were breached, with key personal data including names, contact information, gender, relationship status and location check-ins being compromised, and potentially exposed to data thieves.
The recent Facebook breach comes at a time when law enforcement and information technology security specialists deem data fraud protection to be a big issue, and a big challenge - for Facebook users, companies and organizations, and even the federal government.
Recent data from Experian, (EXPGY) one of the three major credit reporting firms, shows that, while companies share the blame for the recent uptick in data breaches, consumers are at fault, too - even as they downplay the threat from a cyber-breach.
According to the credit ratings giant . . .
- 64% think it's too much of a hassle to worry about securing personal information online.
- Only 26% of people search for themselves online to see if anyone else is using their identity.
- The number one perceived threat is data breaches, followed by email scams.
Yet 69% of U.S. adults (69%) say they use social media platforms like Facebook according to the Pew Research Center.
Americans use social media sites like Facebook for different purposes, including keeping tabs on friends and family, reconnecting with old friends, checking out the news, and to advance their hobbies, lifestyle interests and careers.
In doing so, Facebook users may be leaving themselves vulnerable to identity thieves, primarily by "oversharing" personal information that I.D. fraudsters can use to steal their personal data.
Even data as seemingly simple as your home address could be enough for a cyber-thief to crack your online identity. In that regard, it's imperative that you monitor and protect what you're sharing on Facebook.
What Is Facebook Fraud?
To understand Facebook fraud protection, recognize the meaning of social media fraud, as well, as the two are commonly linked.
Data fraud, often linked to identity theft and identity fraud, is defined by the U.S. Department of Justice as "all types of crime in which someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception, typically for economic gain.
Data fraud is often triggered by data breaches - the theft of sensitive, confidential information by unauthorized individuals who usually use that stolen data to commit cyber fraud - just like the one Facebook recently experienced.
By and large, data breaches can mean the theft of consumer finance data (like a Social Security number of bank account PIN and password); the theft of personal data; or the theft of intellectual property.
While Facebook offers users stringent security options, especially in its "Privacy Settings" page, it's really up to you to protect your data as a Facebook user - online and off-line.
Seven Facebook Scams to Watch Out for
Let's take a look at Facebook fraud specifically, examine the different scams fraudsters use on Facebook, and shine a light on effective ways consumers can protect their identities on Facebook.
1. The "See Who's Viewed Your Profile" Scam
This gambit tries to steer you toward a clickable link, and not toward any direct data showing who's viewed your Facebook profile. Instead, you'll likely be sent to a survey, gift card offer or content web page where you'll be asked to submit personal data, which a fraud artist can use to either sell your personal information, or use it themselves to commit some sort of identity theft fraud. Always know that Facebook doesn't monitor who is looking at your profile, like LinkedIn does.
2. The "See Who's Blocked You" Scam
Similar to the "view your profile" scam listed above, this tactic promises to provide a list of people and organizations that have blocked you on Facebook. Bypass any of these requests completely. By company policy, Facebook does not share the software data sets needed to show anyone who's blocking who.
3. The Facebook "Video" Scam
This scam is aimed at the inner ego of a Facebook user. It promises to release a social media video of you (or you as a part of a larger group) that has gotten a ton of "likes" on Facebook. Don't click on the link. There is no video, but there is a data thief who will take the information you provide and build a step-by-step targeted attack against your personal data.
4. The Facebook "Dislike" Scam
Fraudster's often use Facebook's ubiquitous "like" button as a springboard into this "bait and switch" scam. Here, the data thief will send you an email or text, and recommend you enable a Facebook "dislike" button to use on the social media site. While Facebook is currently testing a dislike "arrow" in New Zealand and Australia), it doesn't formally offer a dislike button on its site. If you click on the "disable" request, you may unknowingly be installing malware software on your site, which fraudsters use to scoop up your personal data. Instead, delete any messages that steer you to a dislike "Facebook" button.
5. The "Fake News" Facebook Scam
With this scam, a financial fraud artist sends you an email claiming a major event has taken place, like a horrible plane crash or the death of a celebrity, along with a provocative image. You'll click on to the "news link", which is actually a mechanism to trigger a malware installation, which automatically targets and gains access to your personal information on Facebook. Avoid a data loss scenario and delete all emails with dubious "news" from someone purported to be linked to Facebook.
6. The "Your Facebook Account Has Been Canceled" Scam
This scam involves "phishing," a scam that tries to get you to respond to emails purporting to be from actual people or businesses, and reveal your personal data, like passwords and credit card numbers. In this instance, the email purports to be from Facebook, warning you that your Facebook account is about to be canceled (in some instances the email may ask you to confirm your Facebook account.) The key is the scammer's request that you send your Facebook user name and password back in response, which a data thief can use to burrow down into your Facebook profile and steal sensitive information. To avoid this particular scam, never rely on an email for any official message from Facebook - the company will send any message directly on the site.
7. Product Testing Scams
While this scam isn't unique to Facebook, given the wide use of Facebook, it's one that fraudsters love to try out for size. Here, a message will pop up on Facebook offering you money, gift cards or an actual product if you "test-drive" a device, like an Apple (AAPL - Get Report) iPhone or Apple Watch. Don't go for it. The gambit is not endorsed by Apple (and most reputable companies with other products) and it could lead to data loss if you click on any "product testing" offers.
How to Protect Your Data on Facebook
Here is a list of preventative measures you can take to protect yourself from becoming a victim of Facebook-related identity theft or fraud.
- Use smarter passwords: To thwart Facebook fraud attempts, ensure that each of your computers, tablets, and mobile devices are password or pin protected. Your best move? Use a different password for each of your online accounts. Your Facebook password should be at least eight characters long, with no mention of personal information or names, and include upper and lower-case letters, numbers, and special characters.
- Bypass dubious websites, emails and links: Avoid clicking on any links from sources you don't know. The fact is, emails, texts and web pages can be "mocked up" to emulate Facebook, or even your credit card company or bank, for that matter. Remember, Facebook won't send an email asking you to click on a link and enter your personal data - they already have it stored on the site.
- Establish social media security replies. Social network users should always add a layer of protection in the form of two-factor authentication, which is offered on all major social media sites, including Facebook. By definition, two-factor authentication offers extra protection by ensuring that only you alone can access your online accounts, even if another individual knows your password.
- Never "friend" anyone you don't know. Typically, data fraudsters will ask to "friend" you on Facebook - it's the first and most common way a data thief will reach out to you. If that occurs, reject the request - it's likely the opening step for a fraudster to steal your personal data.
- Be "share" smart. When you do post information on Facebook, do so carefully. Never share any personal data like your home address, telephone number, or any personal financial data, no matter how minor it may appear to be. Savvy data scammers can take even your residential address, your email address or your phone number, and through tricks of the trade, use that data to get to your bank account, credit card number, or even your PayPal account.
- Get educated on privacies. Most Facebook users never lay an eye on the company's privacy policies, and that's a mistake. Facebook's privacy policies allow you to better protect your personal data by customizing your account settings to maximum effect, and allow you to control who sees your posts. Those are good "first steps" in protecting your identity on Facebook.
Here's how to manage your Facebook privacy settings. Log on to Facebook and click on "Privacy Settings." Once that's done, you can better manage your profile access to control who views your posts and who can't.
By and large, only share your posts and contact data with your Facebook friends, and not the general public. That should build a good wall against financial fraudsters who want easier access to your Facebook account.