Facebook Safety Tips to Stop Social Networking Hangovers

Facebook, and social networking sites in general, are in an awkward stage between infancy and adulthood – mature in some ways, helpless in others. On the darker side of sites like Facebook, LinkedIn and Twitter, scammers and identity thieves are drooling at the sight of this unchecked data playground. In contrast, most social networkers are addicted to all of the friendships they are creating and renewing.

There is no denying that Facebook and other social networking sites have a very luring appeal.  You can sit in the comfort of your own home and suddenly have a thriving social life.  You can look up old friends, make new ones, build business relationships and create a profile for yourself that highlights only your talents and adventures while conveniently leaving out all your flaws and troubles.  It is easy to see why Facebook has acquired over 500 million users worldwide in just over five years. Which is why Facebook safety is still so immature: Facebook’s interface and functionality has grown faster than security can keep up.

Unfortunately, most people dive head first into this world of social connectedness without thinking through the ramifications of all the personal information that is now traveling at warp speed through cyberspace.  It’s like being served a delicious new drink at a party, one that you can’t possibly resist because it is so fun and tempting and EVERYONE is having one.  The downside? Nobody is thinking about the information hangover that comes from over-indulgence: what you put on the Internet STAYS on the internet, forever. And sometimes it shows up on the front page of the Wall Street Journal, in the hands of a prospective employer or your boss’s inbox. All of the personal information that is being posted on profiles — names, birth dates, kids’ names, photographs, pet’s names (and other password reminders), addresses, opinions on your company, your friends and your enemies — all of it serves as a one-stop shop for identity thieves.  It’s all right there in one neat little package and all a scammer has to do to access it is become your “friend”.

Follow these Five Facebook Safety Tips and save yourself the trouble…

5 Facebook Safety Tips

Facebook Safety Tip #1: If they’re not your friend, don’t pretend. Don’t accept friend requests unless you absolutely know who they are and that you would associate with them in person, just like real friends.

Facebook Safety Tip #2: Post only what you want made public. Be cautious about the personal information that you post on any social media site, as there is every chance in the world that it will spread beyond your original submission.  It may be fun to think that an old flame can contact you, but now scammers and thieves are clambering to access that personal information as well.

Facebook Safety Tip #3: Manage your privacy settings. Sixty percent of social network users are unaware of their default privacy settings. Facebook actually does a good job of explaining how to lock your privacy down (even if they don’t set up your account with good privacy settings by default). To make it easy for you, follow these steps:

1.        Spend 10 minutes reading the Facebook Privacy Policy. This is an education in social networking privacy issues. Once you have read through a privacy policy, you will never view your private information in the same way. At the point the privacy policy is putting you to sleep, move on to Step 2.

2.        Visit the Facebook Privacy Help Page. This explains how to minimize all of the possible personal information leakage that you just read about in the privacy policy. Once you understand this on one social networking site, it becomes second nature on most of the others. 

3.       Now it is time to customize your Facebook Privacy Settings so that only information you want shared, IS shared. This simple step will reduce your risk of identity theft dramatically.

Facebook Safety Tip #4: Keep Google Out. Unless you want all of your personal information indexed by Google and other search engines, restrict your profile so that it is not visible to these data-mining experts.

Facebook Safety Tip #5: Don’t unthinkingly respond to Friends in Distress. If you receive a post requesting money to help a friend out, do the smart thing and call them in person. Friend in Distress schemes are when a thief takes over someone else’s account and then makes a plea for financial help to all of your friends (who think that the post is coming from you). As with all matters of identity, verify the source.

Following these 5 Facebook Safety tips are a great way to prevent an information-sharing hangover.

Don’t be fooled by ‘friends’ – social network hackers are in for the kill

Social network hacking and security breaches are becoming more and more prominent these days. Hackers set up fake profiles and attempt to gather personal and confidential information as your ‘friend’, using malicious code and malware to infiltrate systems. Hackers rely on the trust and ignorance of other social network users to gain access to private information from their computers.

(full Story)

Facebook Inc. have been transmitting YOUR identifying information...

Many of the most popular applications, or "apps," on the social-networking site Facebook Inc. have been transmitting identifying information—in effect, providing access to people's names and, in some cases, their friends' names—to dozens of advertising and Internet tracking companies, a Wall Street Journal investigation has found. Continue reading at The Wall Street Jounal

Teacher Schooled In Facebook Privacy Policy

Facebook's share-everything-with-everyone default settings appear to have blindsided ex-teacher June Talvitie-Siple, who lost her job after making unflattering comments about her students and their parents.

Talvitie-Siple, of Cohasset, Mass., allegedly called students "germ bags" on her Facebook page, where she also stated that she continually caught new illnesses from them. She additionally allegedly wrote that her students' parents are "arrogant" and "snobby." Some parents saw the posts and complained, following which Talvitie-Siple was asked to resign.


She reportedly says she believed her posts were viewable only by her contacts -- apparently because she didn't realize that Facebook recently changed most of its default privacy settings to share-everything-with-everyone. Of course, comments like Talvitie-Siple's could have backfired without Facebook. (Full Story)

7 Things to Stop Doing Now on Facebook

Using a Weak Password

Avoid simple names or words you can find in a dictionary, even with numbers tacked on the end. Instead, mix upper- and lower-case letters, numbers, and symbols. A password should have at least eight characters. One good technique is to insert numbers or symbols in the middle of a word, such as this variant on the word "houses": hO27usEs!

Leaving Your Full Birth Date in Your Profile

It's an ideal target for identity thieves, who could use it to obtain more information about you and potentially gain access to your bank or credit card account. If you've already entered a birth date, go to your profile page and click on the Info tab, then on Edit Information. Under the Basic Information section, choose to show only the month and day or no birthday at all.

Overlooking Useful Privacy Controls

For almost everything in your Facebook profile, you can limit access to only your friends, friends of friends, or yourself. Restrict access to photos, birth date, religious views, and family information, among other things. You can give only certain people or groups access to items such as photos, or block particular people from seeing them. Consider leaving out contact info, such as phone number and address, since you probably don't want anyone to have access to that information anyway.

Posting Your Child's Name in a Caption

Don't use a child's name in photo tags or captions. If someone else does, delete it by clicking on Remove Tag. If your child isn't on Facebook and someone includes his or her name in a caption, ask that person to remove the name.

Mentioning That You'll Be Away From Home

That's like putting a "no one's home" sign on your door. Wait until you get home to tell everyone how awesome your vacation was and be vague about the date of any trip.

Letting Search Engines Find You

To help prevent strangers from accessing your page, go to the Search section of Facebook's privacy controls and select Only Friends for Facebook search results. Be sure the box for public search results isn't checked.

Permitting Youngsters to Use Facebook Unsupervised

Facebook limits its members to ages 13 and over, but children younger than that do use it. If you have a young child or teenager on Facebook, the best way to provide oversight is to become one of their online friends. Use your e-mail address as the contact for their account so that you receive their notifications and monitor their activities. "What they think is nothing can actually be pretty serious," says Charles Pavelites, a supervisory special agent at the Internet Crime Complaint Center. For example, a child who posts the comment "Mom will be home soon, I need to do the dishes" every day at the same time is revealing too much about the parents' regular comings and goings. (See Full Story)

Should a teacher’s Facebook posts ruin her career?

A former high school teacher is suing a north Georgia school district, alleging she was forced to resign over photos and expletives on Facebook.

Ashley Payne contends that the Barrow County school district violated state labor law because she was never told she was entitled to a hearing. Her attorney, Richard Storrs, says the 24-year-old former Apalachee High School teacher was “not made aware of her rights” and should be granted the hearing.

After teaching at the school for two years, Payne resigned in August after her principal questioned her about her Facebook page, which included photos of her holding wine and beer and an expletive.

(Payne told the Athens Banner Herald it was the “B” word that landed her in hot water with her principal. She posted it in the context of saying she was going to an Atlanta restaurant that featured a game called Crazy “B” Bingo.  Here is a link to the bars that hold Crazy Bxxxx Bingo games.) According to the AJC.com

Breach-Proofing your organization brings many benefits...

Roanoke City Public Schools Surplus computers sold containing 2000 employees’ names and Social Security numbers...  

University of Louisville  A database with the names, social security numbers and other personal information of 708 dialysis patients was accessible via the Internet for more than a year, university officials announced Wednesday morning.

In order to prevent data breaches before they occur requires building a “Breach-Free Culture” within your organization.  Properly training employees across all areas of your business is a necessary component to breach-proofing your organization.

Another reason to incorporate training into your data breach prevention efforts is that, although cyber-criminals may get the headlines and media attention, the fact is that more than 88% of all breaches are caused by human error and process failures. Technology can't stop someone from making mistakes, however, training that changes behavior can!

Breach-Proofing your organization brings many benefits. We've all seen the statistics... Data breaches cost an average of $202 per record lost... 40% of consumers change their relationship with affected businesses... fines for non-compliance with the law can run into tens of thousands of dollars... lawsuits cost hundreds of thousands of dollars to defend and even millions of dollars to settle.

Creating a Breach-Proof Culture, where employees across all departments and areas share a heightened sensitivity, understanding and commitment to eliminating breaches can reduce your organizations risk.

University of Toledo, 200 reported incidents of Identity Theft...

At the University of Toledo, there have been 200 reported incidents of credit card and identity theft of students, faculty and staff in the past year, according to Marge Dell, head teller at UT’s Credit Union.

According to Dell, five of those incidents occurred on-campus.

“We had a counselor here that had their identity stolen by her secretary,” she said. “They actually took a mortgage out for their house for $80,000.”

Joseph Slater, professor of law instruction, became a victim of identity theft after someone obtained his social security number and home address in late 2004.

“I would get things in the mail from Circuit City saying, ‘thank you for opening up an account with us. You have reached your $600 limit. Please pay us,’” Slater said.

The man who stole Slater’s identity used his information to max out six credit card accounts with stores in Atlanta, Ga. and was not caught until the seventh account he tried to open... The Federal Trade Commission estimates 9 million Americans have their identities stolen each year.

At the University of Toledo, there have been 200 reported incidents of credit card and identity theft of students, faculty and staff in the past year, according to Marge Dell, head teller at UT’s Credit Union.

According to Dell, five of those incidents occurred on-campus.

“We had a counselor here that had their identity stolen by her secretary,” she said. “They actually took a mortgage out for their house for $80,000.”

Joseph Slater, professor of law instruction, became a victim of identity theft after someone obtained his social security number and home address in late 2004.

“I would get things in the mail from Circuit City saying, ‘thank you for opening up an account with us. You have reached your $600 limit. Please pay us,’” Slater said.

The man who stole Slater’s identity used his information to max out six credit card accounts with stores in Atlanta, Ga. and was not caught until the seventh account he tried to open. (See Full Story)

Copy Machines, a Security Risk?

This year marks the 50th anniversary of the good, old-fashioned copy machine. But, as Armen Keteyian reports, advanced technology
opened a dangerous hole in data security...

The House of Representatives has passed a bill outlawing all caller ID spoofing

The House of Representatives has passed a bill outlawing all caller ID spoofing "with the intent to defraud or deceive".

So no more prank calls - but more importantly, no more calls from criminals aiming to trick people into giving away banking information.

The sponsors of the bill, Eliot Engel and Joe Barton, cited an identity theft operation in New York City which netted its operators more than $15 million - and another where a woman used the caller ID of a pharmacist to trick a love rival into taking an abortion drug. See Full Story

Facebook has begun warning its users...

Facebook has begun warning its users to avoid bogus links and fan pages that offer free gift cards because they are scams aimed at stealing user identities.

Facebook Security says it tries to remove these links and pages as quickly as it finds them.

"Watch out for suspicious offers for free gift cards," the site warns. "We've been removing groups and Pages that promise free gift cards but instead trick people into entering information or spamming their friends. If you come across one, report it to us immediately." (Link to full Article)

Colorado patients mailed protected health data; investigation under way

Since March 29, the Boulder Community Hospital (BCH) in Colorado has been contacted by patients of Lafayette, Colo.-based Family Medical Associates (FMA), who were mailed copies of their own protected health information by an anonymous source. An accompanying letter claims that the information was stolen from Community Medical Center’s recycling bins, according to BCH.
Colorado patients mailed protected health data; investigation under way

New Privacy Concern for Americans

There is a new privacy concern for Americans because of a new website called Spokeo.com. All anyone has to do is enter your name on the website and it pulls up a list of personal information from addresses, to interests and even credit scores. Spokeo is a fairly new website but it’s already got many people upset and worried about their p... (Read Full Article)

Citibank apologizes after exposing 600,000 Social Security numbers

Citibank representatives call it a processing error, which doesn’t sound too serious. But for more than half a million Citibank customers who received mail from the credit card company with their Social Security number printed on the outside of the envelope…it was more than a little disturbing. (Read Full Article)

New technology's impact on identity theft

Qing Hu, a professor and chair of logistics, operations and management information systems at Iowa State, says those new technologies won't even make a dent on the identity theft problem.

"Identities are sold around the world quickly after they are stolen through online auction sites operated by organized crime or hackers, and they are used for a number of purposes -- most of which do not need a personal presence where a retina scan might be used," said Hu, who has been conducting research on corporate information security management and user behavior toward information security technologies since 2005.

"They [stolen identities] can be used to apply for new credit cards, making duplicate cards for online purchases of digital services and products where physical delivery is not needed -- online games, pornographic material, music download, fake account for money laundering, etc.," he said. "It is rare that a criminal would take a fake ATM card to go to a physical machine to take cash out, knowing that almost all ATMs today have cameras to record every transaction."

Steffen Schmidt, a University Professor of political science who is also a researcher in ISU's Center for Information Protection, shares Hu's information security outlook amid new technology. The co-author of two books on preventing identity theft -- "Who Is You: The Coming Epidemic of Identity Theft" (The Consortium, 2005) and "The Silent Crime: What You Need to Know About Identity Theft" (Twin Lakes Press, 2008) -- Schmidt predicts identity theft will only escalate with technological advancements. 

Study: Identity theft hits record high

Criminals use social networks, online transactions to gather victims' information.

More people in the United States are falling victim to identity fraud. A study by Javelin Strategy & Research showed that the number of victims jumped by 12% to 11.1 million adults in 2009, the biggest increase since the survey began in 2003. Identity fraud continues on the upswing and we believe it will continue to rise if consumers fail to take proactive steps to prevent fraudsters from taking advantage of their offline and online transactions and their increasingly exposed personal information on social networks. The study said that total overall fraud rose by 12.5% to $54 billion. The perpetrator is often someone the victim knows, such as a family member or presumed friend, according to Javelin founder James Van Dyke. The number of new credit card accounts opened fraudulently rose 39% in 2009, with new online accounts more than doubling, and the number of new e-mail payment accounts rising 12%. The study also found that 29% of identity-fraud victims said that mobile phone accounts were fraudulently opened in their names.

We must be vigilant with whom you are sharing your personal information and where you are sharing it.  

The Consequence of Even a Small Data Breach

We often discuss with our clients the substantial increase recently in the cost of experiencing a breach of data. One aspect that isn't often considered in that increase is the new power of social media in our world. I experienced this recently when I was scheduled meet with a medical practice administrator and was unsure of this clinics location. Not to worry with the power of maps and Google on my I-Phone I'm a direction genius. (Never again can my wife make me ask for directions!) A couple key clicks later the top link in Google provided the information I needed on Citysearch.

Of course I noticed (as everyone else that Googled this clinic would have) that they were only given 2 out of 5 stars based upon their reviews. Curious as to why one click later I learned they have a very upset patient who shared the gory details of her medical chart that was lost by this clinic and her confidence in the fact that if you work with them they will also lose your information!!

Ouch! One person now has that much power. The story wasn't broadcast on the nightly news, not in the local paper, just where vast majority of new patients would go to find your location.

It's been reported that it costs $200+ per record lost when a breach is experienced. Somehow for this clinic I think that it is substantially higher.

Online Social-Networking / ID Theft

If you’re a fan of Facebook, and an active user of the social-networking site, then you might be at risk of becoming a victim of identity theft. A story by the Miami Herald detailed all the ingenious ways that cyber criminals can steal your identity by using Facebook as the bait. The Herald story cites this popular scam: You’ll find a message in your Facebook inbox from either someone you don’t recognize or someone you rarely talk to. The subject line might be something like, “Is this you in this video?” When you open the message, you’ll find a link to a Web site. If you click on it, your computer will download a program that collects your personal information and then sends it across the Internet, where cyber criminals will happily collect it.

Protecting Yourself From Identity Theft

As social-networking sites like Facebook and Twitter have exploded in popularity, the risk of identity theft has skyrocketed. But social networkers can take steps to protect themselves. And most of these require little more than common sense. For instance, if you get an e-mail message in your Facebook inbox from someone you don’t recognize, delete it without opening it. If your curiosity gets the better of you and you can’t resist clicking open the message, don’t click on any links in the message. These links often lead to programs that will download your personal information. Be wary, too, of invitations to Facebook events from people you don’t recognize. Often these fake invites will take you to Web pages that look like Facebook events, but are actually Web sites that download malicious software onto your computer.

CBC News - Windsor - Private data of 8,600 Ont. teachers compromised

Laptops containing sensitive records belonging to thousands of Ontario teachers have been stolen, CBC News has learned.
The three laptops contained names, addresses, birth dates and social insurance numbers of about 8,600 teachers, most of whom work at elementary schools for the Toronto District School Board.
The computers were stolen from the Waterloo, Ont., offices of the Ontario Teachers Insurance Plan on Dec. 3.
The organization provides insurance for teachers across the province. The affected teachers were informed of the theft earlier this week, said a spokeswoman for the non-profit insurance organization.
In a notice posted on its website, the organization said it found out about the theft Dec. 4. The group did not say when it determined that sensitive data may have been compromised.
"As soon as we did determine that there was member data involved we set out to put a plan together to notify the members who were affected," Julie Millard told CBC News on Wednesday.
The thieves also broke into a cafeteria cash register and tried to break into a closet containing office supplies, the organization said. No arrests have been made.
Waterloo Regional Police have characterized the theft as a routine "smash and grab."

Numerous possibilities for fraud

But Ken Anderson, Ontario's assistant privacy commissioner, said the situation may not be so cut and dried.
"There are actually professional theft rings now that are looking for laptops, BlackBerrys [and] other portable devices where they can get the information … they strip it out and it can be used in many ways."
For instance, the information can be used to obtain false passports and fake credit cards or for re-mortgaging a victim's home.
Anderson, who is charged with ensuring the government keeps public data safe, said it's "as important, and indeed in some cases, maybe even more important, that the private sector protects your information, especially if it's in a digital format."
Millard acknowledged none of the data on the laptops was encrypted but said the computers were password-protected.
She said a consulting firm is giving teachers advice about preventing fraudulent use of their information, including being told to call credit-rating agencies to flag the theft.
"We believe their identity is safe because of the measures we're taking to protect them," she said.
"Our goal right now is doing the right thing for the members that were affected and examining all of our security policies and procedures and improving [them]."
Teachers who think they might be affected by the theft but have not been contacted are advised to call the insurance firm at 1-800-267-6847.
News of the theft comes a month after a health worker in Whitby, Ont., lost a USB key containing the names and OHIP numbers of 80,000 people in Durham Region. Data on the key wasn't encrypted either.
This prompted Ontario's privacy commissioner to order government agencies to encrypt personal information on devices such as USB keys and laptops.

Read more: http://www.cbc.ca/canada/windsor/story/2010/01/27/teachers-laptop-data494.html#ixzz0e266Qmqh
CBC News - Windsor - Private data of 8,600 Ont. teachers compromised

Beware Haiti Charity Frauds

Whenever a tragedy takes place in the world Americans step up and illustrate their generosity. In turn every well publicized event creates an opportunity that scam artists inevitable will use to their advantage. A few months ago it was fake Michael Jackson charities and now it is fake charities and scams using the names of legitimate charities to steal funds intended for those in Haiti who need our help.

Please make sure as you give and as you speak to others about giving to the assist those in Haiti, that we remind everyone to be aware of fraud, especially when someone contacts us seeking a donation. The following article reveals some of the scams that are currently being seen.

http://www.cbsnews.com/stories/2010/01/13/cbsnews_investigates/main6092813.shtml

Phishing Application Appears On Google Android Market | Geeky Gadgets

Phishing Application Appears On Google Android Market | Geeky Gadgets: "It seems that an phishing app has made its way onto Google’s Android Market, in the form of a fake banking application published by an Android developer called ‘Droid09′.
The application was attempting to get hold of users banking information, and it was spotted by the First Tech Credit Union, here is what they had to say about it.

We recently learned that a fraudster developed a rogue Android Smartphone app. It creates a shell of mobile banking apps that tries to gain access to a consumer’s financial information.
Droid09 launched this phishing attack from the Android Marketplace and it’s since been removed. It’s called phishing because scammers go fishing for information about you or your financial account that may be used for identity theft."

Officials warn of possible ID theft in census count

Officials warn of possible ID theft in census count: "While recruitment has begun in Grand Junction for the 2010 census, the Better Business Bureau warns of the potential for con artists and identity theft over the coming months.

Legitimate census counters will not be asking for Social Security numbers, bank account or credit card information. Nor will they be soliciting donations, the bureau said in a news release.

Residents are likely to be contacted via mail, telephone or in person by someone with the census.

The workers knocking on doors “will have a badge, a handheld device, a Census Bureau canvas bag and a confidentiality notice,” the release said."

Sex Offenders

TBG now provides members with free information about how to locate registered sex offenders in your area. Contact your TBG representative for more information.

ID Theft Is Set To Rise …

Like wolves to injured prey, identity thieves are out to turn the recession in to their own advantage.

There are lots of variations of old scams and the degree of sophistication in newer scams,” says  The Identity Theft Resource Center predicts an increase in the number of identity theft crimes and victims during the next two years. Particularly vulnerable are jobseekers whose desperate search for employment makes them easy targets for fake job listings and work-from-home scams. Also on the rise are the misuse of social media and phony ads on Craigslist and other Web sites for the purposes of obtaining credit card numbers or cash.

Most disturbing has been the growing problem of child identity theft, sometimes by the child’s own family. “The ITRC has noted that nearly 10 percent of its case load for the past six months involved child identity theft issues,” says founder Linda Foley. “It’s as if people have finally realized that a child’s Social Security number can be used for more than just opening a line of credit.” Visit the ITRC Web site to learn how to protect your personal data from thieves and hackers.”

Soapbox: Don’t let your business fall prey to scams

Identity theft is a serious issue, no matter who the victim is, but the situation can be more complicated when somebody tries to impersonate someone’s business.

Since businesses need to make themselves visible to prospective customers, they are compelled to share a lot of information with the public that individuals tend to keep private, such as their phone number and address. Easy access to private contact information means heightened vulnerability to identity theft.

According to security firm Panda Security, a significant percentage of small businesses haven’t taken very basic steps to secure their data assets. A recent survey showed that “97 percent of U.S. small businesses have installed anti-virus and 95 percent claim their security systems are up to date. Yet, 29 percent said they have no anti-spam in place, 22 percent are without anti-spyware technology and 16 percent do not have firewalls.”

In addition, 52 percent said they have no Web filtering solution in place. And 39 percent of respondents said that they have yet to be trained about IT threats.

All an identity thief has to do is open up a mailbox in your shared office building, create a fake letterhead and obtain your business license number, which many businesses are required by law to display. Then the thief is well on his or her way to opening up credit card accounts in your name, filing purchase orders and running up bills that will eventually come to you.

So, what can business professionals do to prevent identity theft? Consider these tips: Soapbox: Don’t let your business fall prey to scams: