Facebook is a great way to communicate and catch up with old friends and family. Unfortunately, because it is so popular, it is a target for various bad apples to come and try to steal your information away from you. Here is a list of how to keep safe.
Before we get to the list, let’s talk about how these attacks work. A link appears on your feed. It gets your curiousity, so you click on it. You get linked to a page where either have to give permissions to some strange app, or get to a page telling you to either click a link or like the page. Doing either of these things will allow your profile to spam the link out, thus perpetuating the attack. Then, you’ll get redirected to a page telling you to put in your phone number, download some software, or some other piece of information. Of course, doing these things will cause bad things to happen – you’ll either get subscribed to a useless $10/day text service, or a virus on your computer, or your identity stolen in some way or another.
Safety Basics
Now you know the absolute basics about how such an attack can happen, here’s how to prevent it.
1. Never click on a strange link, especially if has a high number of likes on it. Essentially, treat any link on Facebook like an email attachment – is it strange? Is the message it came with garbled and doesn’t sound like the person who sent it? Is the link exploitative? For instance, a couple of links circulating on Facebook include a girl getting caught by her father in the middle of a sexual act, a video of Amy Winehouse’s death, or Lady Gaga’s death. Usually, like with email attachments, if it’s too good to be true, involve some sort of celebrity in a compromising (or in this case, deadly) situation, or it comes from a person who wouldn’t post something like that, don’t click on it.
2. Change your password on Facebook, and change it often. This is for another reason altogether, but it’s still a good way to keep safe. What I like to do is to type in a word related to whatever service the password is on, leet the word (changing out various letters for similar looking symbols), and add a number afterwards. This is a simple way to create a strong and easy to remember password. If you have trouble coming up with a password, there are numerous strong password creators out there.
3. Use a fake email on Facebook. Most of these malicious Facebook apps love sending you email, so if you do get infected, this is a way to protect your personal email account. Even better, use a service like 10 Minute Mail to generate a temporary email address, and send Facebook email into a void.
4. Don’t be afraid to remove friends off of Facebook, especially if they become infected. This will also keep your stream tidy. On the other hand, don’t be afraid to send the friend a message, especially on another medium (like email or the telephone), that their account has been compromised.
5. Read the permissions page! Facebook can have apps do anything from sending you email, access your data at any time during the day or night, post new things on your wall, and send messages to your friends. Don’t give the app permissions unless you know the source.
6. Read the fine print. Always read the fine print if there is fine print, as that lets you know what you’re getting into.
If You’re Infected…
Now, let’s say you do get infected, or if you are aware of an infection. Here’s how to revoke & view the permissions of apps:
1. Go to Account, and click on Privacy Settings.
2. There is a link towards the bottom of the page where you can edit apps settings. Click that.
3. Here you’ll find your most recently used apps. Click the Edit Settings button, or the Remove apps link. If you want to just turn everything off, click the “Turn all platform apps off” link.
4. On the next screen, check the app you think is spamming. Click on edit to see the permissions you gave it, or click the “X” to remove it. In the edit app screen, you can also see data that the app accessed from your profile, and when that access happened. Click on “Remove App” to remove the app.
With that, you know now what to do if you get tricked into clicking a link, and your Facebook account has become a zombie spamming links. Keep safe out there, and if you’ve got other good Facebook safety tips, let us know in the comments.
Brilliant. I’ve lost count of how many machines I’ve had to repair as a result of dodgy apps, malware and viruses caught through facebook. Excellent article.
Great information I am sending this article to everyone I know. I have been hit from a lot of friends that have been attacked and did not know it. Changed password many times
A resource I know of is Facecrooks http://www.facecrooks.com/ The have both Facebook and Twitter accounts which a person can follow to keep up with the latest scams and online-hazards that appear on Facebook.
It’s funny because I feel like all of this *should be* common sense. My less knowledgeable friends get up in arms about things that don’t matter, while allowing these sorts of things to go unchecked.
I recently saw a post that said, and I’m paraphrasing:
“Facebook is at it again! They’ve changed the privacy settings and your account is in danger! If your address bar doesn’t have “http://” in front of it then your Facebook session is not secure!! go to settings –> ……”
The point being that clearly not having an encrypted connection is not a big deal, but people repost and repost because they don’t know any better… then half my friends on FB are worried about the fact that their not using a secure, encrypted connection to post that video of the dog wanting maple bacon.
Of course, I messed up the main point of the post… HTTPS:// — not http://
I probably shouldn’t be typing while on the phone.