Who is checking my profile?

The first scam in this series is the “Who is checking my profile?” scam. It looks innocent enough. A graphic made up of friends’ avatars and below it, their names tagged.

Clicking to add the app yourself will screw you beyond belief. It will, like any Facebook app, ask for permission to have access your data, but rather than safely use the data for normal usage like, “Hey it’s your birthday,” it proceeds to steal your personal info. Identity theft via social media. This is especially dangerous if you are using Facebook credits for games (like Farmville) as your bank or credit card info is now in the hands of the scammers.

Notice in the enlarged image the first comment: “Try it, really works!” This comment is consistent within this scam. The comment is then followed by a link to an app that seems like gibberish. A legitimate app would have a URL that mentions the app’s name.

TIP: If you see that you’ve been tagged in a photo, before clicking, see if it’s a friend of yours. If not, do not click. Ignore. If it is a friend, click through only to see the image. If it’s not a photo of you, leave the page or report it. It’s likely this scam, or one similar.

Which One Are You?

The Attention Whore:
Attention Whores are most commonly found on social networks that allow numerous photo uploads: MySpace, Facebook, Flickr, TwitPic et al. Typically teenage girls (and boys) who have no shame in posing half or fully naked in their messy bedrooms, with pouty lip poses and too much mascara. They will be informed on the next job interview that their likeness appeared on the cover of a GGW video

The Over Sharer:
The Over Sharer has no understanding of “TMI”. Their profiles have far too much personal data: from their cell numbers to their home address to their last bowel movement to links to their family tree on Ancestry.com. In short, everything needed for identity theft! These are people stupid enough to post their personal data over Twitter because, “I only have 16 followers and I know all of them.” The Over Sharer will suffer identity theft twice in one year.

The Snitch:
The Snitch is the company douchebag. He (and it’s usually a he) feels compelled to leak company intel such as layoffs, pitches and new product releases to industry blogs and forums. No one knows what drives this dirtbag to destroy the job security of his coworkers, nor why he does it. There is no fame (tips are anonymous) and no pay. If you’re going to screw your company over, at least have the smarts to get paid for it! This type is easily caught by IT despite the Snitch’s clearing his browser cache. Alas, he forgot to remove his IM logs.

The Plugin Nazi:
“OMG, you must get this plugin!” This type downloads every blog plugin known to mankind, beta or official, tested or not. No review is too unfavorable to dissuade this dolt from installing the latest. Sadly, installing the latest does not include security plugins. They just “don’t make your blog look cool.” The Snitch blames his constant MySQL errors on “the hackers” when it’s more likely just incompatible plugins.

The “Spook”:
The Spook is not really in any sort of intel group, nor has s/he ever worked for any government agencies requiring any sort of clearance. But the Spook wants you to believe s/he has top security clearance. In fact, the Spook cannot resist letting you know that they know something you don’t know, but they can’t tell you why or how they know what they know. You know? Spooks are basically liars that can rapidly be exposed by anyone really in the industry with a few standard questions. Eventually, the Spook will lie on the wrong forum and get taken out by the real spooks.

The Skeptic:
The Skeptic is the sort of person who basically never worries about security. Nothing bad can ever happen to them: their password is secure and besides: they have a great security question! No one knows their dog’s name. Except their friends on Dogster. And maybe their 973 Facebook friends. But besides that, no one knows. The Skeptic will be the sole person in their hometown made an example of by the RIAA for downloading one song illegally.

The Forwarder:
The aunt or mother who forwards you every chain letter email, every reforwarded joke , every “wait for it and scroll down” message. The Forwarder has no concept of scams, has never been to Snopes.com and can’t wait to send you the next good luck email that you must respond to in 24 hours, lest you suffer a broken leg and seven year’s bad luck. Worse than this person’s inability to strip out other forwards from an email, is this person’s gullibility. The Forwarder will disappear one day, only to be found dead in Nigeria after looking for the reward from a certain prince they shared an account with.

Which personality type are you?

Something Dave and I have been talking about a lot is trust.  This is an old topic that is coming into sharper focus as the years go on.  In simple terms, a trusted environment is one in which other members can be assumed to be who and what they appear to be:  that email from your Mom’s Facebook account, is legit, right?  The problem is that the Internet is not a trusted environment and requires validation.  How far we validate and require people to authenticate depends on the amount of risk we want to accept.  Reading a text based email from a long lost friend is probably ok but opening an attachment … probably not.

I’ve been reading some great work by Daniel Solove about the history of some of the issues we’re experiencing on the Internet.  (Props to David Mortman for making me aware of this guy)  Solove talks at length about how some social dynamics are distorted on the Internet in ways they aren’t in the physical world.  An ill-advised comment on Twitter could haunt you forEVER!

When we started using the Internet it was an insulated place and although true authentication was difficult, there were so few people using it, a phishing email would have seemed absurd.  Many people who are using the Web today, see it in terms of social media;  the friendly screens of Facebook or Twitter.  This is a confusing mix of real world friends and family and typical Internet ‘friends’.  Though even our relationships with some of these remote acquaintances is that of close friends.  Seen through the lens of Davezilla (click image for larger, downloadable version):

Part of the problem is that we’ve lost the healthy fear we once had of the Internet.  One of the results is that bad things are becoming more frequent.  Symantec’s Threat Report tells part of the story:  Between 2002 and 2008, new malware reported each year is exploding.

To be clear:  I think the benefits of all of the technology far outweigh the problems.  We just need to make sure we’re following some basic rules for this bad neighborhood.  We’ll never be able to eliminate all of the risks of using the Internet.  But you can reduce it to a manageable level making it much less likely that you’ll have problems.

Commonsense Media has a some great resources for Internet safety.

What are your thoughts about how we should be approaching this issue?

If you mark yourself as a fan of McAfee on Facebook, you can have a free six month trial of of McAfee Security Software for your PC. This is possible because of an agreement between McAfee and Facebook. According to McAfee:

“Research has shown that up to 78 percent of consumers do not have updated anti-virus, an enabled firewall and anti-spyware, and 48 percent of them have expired anti-virus, the most fundamental protection. So many people without even the most basic protection for their computers are an obvious risk to themselves, but also to people with whom they interact online. The agreement between McAfee and Facebook is designed to address this problem.”

To take advantage of this offer, head over to the Facebook Security page and click the tab titled, “Protect Your PC.”

1. You can remove passwords from edit-restricted PDFs. This article shows you how to defeat the PDF DRM.
2. How to edit your video online for free or cheap
3. The Automation Labs Facebook security scare. Yet another chain message tripping out folks on Facebook.
4. How to avoid YouTube scams
5. Spear Phishers target military