Sunday 20 February 2011

Facebook: Protecting yourself from viral links

This entry is different from my normal posts. It's a response to the increasing number of viral links cropping up on Facebook. These are more than annoying and could in fact be ways in which unscrupulous people steal your personal data.

Okay, here’s how it works... One of your friends appears to post a comment on their wall urging you to click a link. For example:

Or this:

Or even:


The first thing to do is think "Why would my friend post this sort of link?". If it seems out of character, think carefully before clicking further.

Note the bit at the bottom. This was posted via “Who Visited You”, "9-9" and "Dad Caught Her Strippin". These are Facebook applications that have written the message. Sometimes these are okay (e.g., posted via iPhone/Android/Blackberry - apps you've installed on a mobile phone or tablet). But in these cases, it should cause alarm bells to ring.

So what happens when you click the link?

The link will try and get you to agree to install an application on your page. It's worth noting that Facebook applications have full access to your profile information, including your list of friends.

Here's the simple rule: Do not allow the application to install!

Applications like “Who Visited You” and others will pull in a list of your friends and write on their walls or update your status, pretending to be you and aiming to trick your friends into clicking the link.

Basically, it’s a computer virus.

Why do the application writers do this? Probably to try and harvest as much marketing information about you as possible, but it could be more insidious. If you’re publishing common “known facts” about you (e.g., your date of birth or what schools you went to), it could be used to steal your identity. Think of some of those security questions you get prompted for when you forget your email or online shopping account password. Are those answers in your profile?

Clearing up after it's happened...

If you’ve been caught out by one of these scamming apps, click the Account button at the top right of the Facebook window and select Privacy Settings:

Under “Apps and websites”, click the “Edit your settings” link:

Under “Apps you use”, click the link for “Remove unwanted or spammy apps”.

Delete (click the X on the right hand side next to the app) for all the apps you don’t want to have access to your personal information (the apps in the screenshot below are all valid apps, but you should look out for the dodgy ones).

In addition to the really obvious dodgy apps (such as those illustrated above), consider if you really want "How Blonde Are You?", "Which 80's song describes your life?", "Are you a potato?" (seriously?) or... "FarmVille" to have access to your personal data. Because when you sign up for one of these questionnaires or games, that's what you're doing.

When all the dodgy apps are removed, change your Facebook password!

Keeping safe on Facebook

Finally, if you don't believe me, at least watch this short YouTube video from anti-virus company Sophos that shows how these applications try and trick Facebook users into giving away personal data:

Your identity is important. Look after it.

Safe browsing!

No comments: