I was surprised to see the mention in this story that Facebook scams are now a larger vector of computer infection than any other single attack method. Now, if you read this blog with any regularity, you know that I hate Facebook and refuse to use it any longer. But, OK, I get that some people continue to use it despite my excellent advice.
If that's you, I want to lay out some of the characteristics of these scams called out by the cited Cisco report, so you can be aware and appropriately defensive. Facebook scams include:
- Fake news stories
- Pages for questionable organizations
- Games and quizzes
- Legitimate(-ish) pages that serve malware in ads
The problem is that by interacting with any of these, you may be sharing MUCH more information about your online presence than you think. Since Facebook updates its privacy settings protocol quite often, and frequently sets your settings back to harmful defaults, it's all too easy to get tired of going and checking up on them every. single. time. So you don't, and then you click on a shady page, and the next thing you know some spammer has access to all 1,074 of your friends.
Not to mention, if you answered those "Security" questions on other sites truthfully, as many people do, your Facebook profile probably contains more than enough raw material to allow anyone to answer your questions. By the time you get an email from your bank that your email address has been changed, it might be too late.