Avoiding social networking scams

by Larry Magid

This post originally appeared in the San Jose Mercury News

More and more people are using social networking sites, including, sadly, criminals seeking to take advantage of the rest of us.

Threats on those sites include applications and quizzes, as well as malware, worms and viruses. But the main risk, says Trend Micro’s Rick Ferguson, is information you post yourself that can jeopardize your privacy and your security.

Ferguson says that “we have a tendency on social networks to share more information that we need to.” While you may need to reveal which schools you went to and where you worked to connect with old school mates or colleagues, “you don’t need to share your date of birth, phone number and address,” Ferguson said.

The threats are not limited to Facebook or MySpace. Ferguson also warns users not to be lulled into a false sense of security when using professional networks like LinkedIn. “Because it’s a professional networking site, people give it more credibility and think it’s safer than other networks,” he said, adding that you put yourself at risk by “posting your entire résumé and exposing your business connections.”

Both Ferguson and Symantec safety education director Marian Merritt warn about online quizzes and applications that are popular on social networking sites.

“Every time you accept an application, you’re giving some third-party developer access to information in your profile,” Merritt said.

She warns that “quizzes are sometimes attached to fraudulent marketing companies.” She said her own teenage daughter took an IQ quiz and had to put in her cell phone number to get her score.

“She didn’t notice that the terms of service would sign her up for premium texting until the bill came.” Fortunately, this particular teenage girl has one of the most cyber-security-conscious moms on the planet, who convinced the carrier to stop the charges.

Some quizzes and surveys reveal far too much information. I recently came across a third-party survey that asks users to reveal “60 Things You Didn’t Know About Me” with such questions such as “What are you wearing?” “When was the last time you were drunk?” and “How often do you have sex?” With answers to questions like these on your profile, it doesn’t take a sophisticated hacker to derive information that he shouldn’t have access to.

Some Facebook users don’t seem to be aware of the difference between private messages and wall postings. I have a friend who is posting personal messages to family members’ walls, unaware that those messages are seen by all of the person’s Facebook friends.

Ferguson says to beware of applications that don’t seem to have any purpose other than to spread themselves. Some of these applications automatically send notices to all your friends, telling them that you’re using the applications and encouraging others to install them as well. In addition to spamming your friends, these applications could be gaining access to your profile information and displaying unwanted advertising to all who sign up.

Company spokesperson Simon Axten said Facebook has a team of people and software tools working to enforce rules for application developers. MySpace, according to a spokesperson, also employs a robust security team and tools, including software to block outgoing and incoming spam and warn users about potential phishing sites.

Facebook’s application development process, said Axten, “is relatively open to stimulate innovation and allow people to develop quickly.” But he said developers must agree to a set of rules which, among other things, prohibit them from sending messages on the users’ behalf.

Developers are now required to disclose what information they collect during the installation process, and Axten recommends that users “pay attention to those notices.” He said developers are allowed to collect only the information that they need to run the application, but that can sometimes include profile information and the profiles of your friends.

On all sites, be cautious about clicking on any links, especially those shortened ones that are commonly used on Twitter. If a link is shortened by bit.ly or tinyurl, you have no idea where it will lead you until after you click. Most security suites can warn you before your browser opens potentially dangerous Web sites.

There are other threats, including the Koobface worm, that can steal your password and send spam from your account. Most Internet security programs will protect you against this and other malware.

Users should also be careful about links that appear in posts and messages that could lead to phishing or malware sites. And put on your thinking cap before responding to a friend’s plea for money, even if it comes from your friend’s Facebook account and includes a horrendous story such as being stuck in an overseas jail. Try to reach your friend some other way before responding, because it’s likely a scam.

Disclosure: I am co-director of the nonprofit Internet safety organization, ConnectSafely.org, which receives support from Facebook, MySpace and other social networking companies.

Predator Panic a risky distraction

by Larry Magid

I’ve been an Internet safety advocate since 1993 and right now I’m discouraged and angry about what’s going on in this field.

I’m angry because people who ought to know better are trying to mislead the public with false information about online risks, which is diverting attention away from real risks. And I’m not alone.

Many respected online safety organizations and leading youth-risk researchers are trying to shift the discussion away from mostly predator danger to youth behavior risk. Thanks to some politicians, it’s an uphill battle.

Online safety groups and public officials should be spending our time educating families on how to avoid real risks that affect most kids – like bullying, harassment and unwanted exposure to inappropriate material. We also need to do a better job of identifying and reaching the small minority of “at risk” kids who are putting themselves at greater risk by the way they behave online. Continue reading

Net safety task force says predation risk exagerated

by Larry Magid

A long awaited report from the Internet Safety Technical Task Force concludes that children and teens are less vulnerable to sexual predation than many have feared. The report also questions the efficacy and necessity of some commonly prescribed remedies designed to protect young people.

The task force was formed as a result of a joint agreement between MySpace and 49 state attorneys general. Continue reading

Guest commentary: Don’t stop the dialogue!

By Hemanshu Nigam

It’s New Year’s Eve, and your teen is all decked out and ready for a big party. She’s got her iPhone, BlackBerry, or some other cell phone with a camera in her pocketbook. And she’s ready to roll. You’re glad she’s got these gadgets so you can get in touch with her. You tell her to call to check in, to let you know she got there safely, to ask for permission to stay later. She agrees. You give her a quick hug and run upstairs to get ready for your own party to celebrate the arrival of a new beginning. You even remember to put the new digital camera you got for Christmas by your purse so you don’t forget it. Continue reading