honoluluadvertiser.com

Sponsored by:

Comment, blog & share photos

Log in | Become a member
The Honolulu Advertiser
Posted on: Saturday, September 19, 2009

Online thieves prey on Twitter, Facebook


By Kim Komando

You're careful about what you post online. You know Facebook and Twitter posts can harm your dating and job prospects. And thieves can use the sites to target you.

But there's much more to maintaining your security and privacy. Criminals and marketers have found new ways to use Twitter and Facebook. If you're not paying attention, it's easy to get taken. You'll find links to the sites mentioned here at www.komando.com/news.

SHORTENED URLS

Twitter limits posts to 140 characters. So, shortened URLs (Web addresses) are common. You'll also see them on other sites. URL services create the shorter addresses.

Unfortunately, unless you take extra steps, you don't know where the link leads without clicking it. You could be sent to a porn site or worse — an attack site.

TweetDeck, a desktop program, will protect you. Or use the Long URL Please add-on for Firefox. Both reveal full URLs. Sites Untiny and PrevURL show full URLs in any browser.

'FRIENDS' IN NEED

Unsurprisingly, criminals are stealing Facebook log-in credentials. Accounts contain sensitive information, but there's an easier way to profit.

Criminals send messages to your contacts, pretending to be you. You were mugged while traveling overseas, they say. You need money to get home. They hope to milk your contacts.

Expect to see variations on this scam. For example, a similar e-mail scam targets grandparents of military members.

A quick call can expose such a scam. To protect your contacts, keep your security software current and guard your passwords.

APPLICATION WATCH

Facebook applications make the site more entertaining but pose an unexpected risk.

They can access your profile. The developer can read your wall posts or collect your contact information.

Your applications see everything on Facebook that you can. You could be exposing your contacts' data. Or, your contacts could expose yours.

What can developers do with profile information? They may steal your identity. More likely, they'll use your data in ads.

Developers may sell advertising within applications. They are barred from using your personal information. Still, some may violate Facebook's policies.

To prevent this, only install verified applications. These have a green checkmark in the application directory.

To uninstall apps, click Settings, then Application Settings. Click the X next to an application to remove it.

Facebook has promised changes to prevent misuse of data. You should soon have more control over what data applications can access.

Facebook may use your profile pictures in ads it sells. This happens when you become a fan of a product or publication. These social ads are displayed only to your contacts.

To prevent Facebook from using your photo, click Settings, then Privacy Settings. Select News Feed and Wall. On the Facebook Ads tab, find the Appearance dropdown box. Select "No one" and click Save Changes.

And remember that ads on networking sites are much like newspaper classifieds. They're not vetted. Products may not work as promised. Or, they may advertise sham work-from-home opportunities.

QUIZZES AND GAMES

Quizzes and games often fall into the applications category. But they pose a threat different from other applications.

Quizzes and games may trick you into revealing personal information. Take, for example, the Twitter porn names game. Users were encouraged to create and post their porn names.

You create the name from your first pet's name and the street you grew up on. Some versions also call for your mother's maiden name or a teacher's name.

Many jumped on the trend and posted their names on Twitter. This information is often used in online security questions and password resets. The game may have been an attempt to trick users into revealing personal data.

Watch out for similar social engineering attacks. The best protection is vigilance — and a healthy dose of skepticism.


Reach Kim Komando at gnstech@gns.gannett.com.