Watch Out For New Facebook “Trusted Friend” Scam

If you can’t trust your friends, who can you trust?

No one, apparently.

There’s a new scam on Facebook that’s making waves, and it’s one you should be mindful of. You may get an “urgent message” from someone you know, asking for your help in recovering their Facebook account.

This is a tried and true phishing scam, relying on some basic psychology. After all, if you get an earnest sounding message from someone you know explaining that you’re listed as one of their “Trusted Friends” and as such, uniquely positioned to help verify their identity so they can get access to their account back, who wouldn’t instinctively respond? This is exactly what the scammers are hoping for.

The message goes on to explain that they’re sending an unlock code to your email address, and they just want you to reset the password for them.

Unfortunately, the unlock code is nothing of the sort. Instead, it triggers a password reset for your own account. If you click the link and “reset your friend’s password,” then reply back, helpfully telling him or her what the new password is, you’ve inadvertently given your own login information to the hackers. From there, the sky’s the limit.

What makes this latest scam particularly problematic is that so many other web properties allow you to use your Facebook login details to access them, which is a roundabout way of saying that you’re using the same login credentials across multiple websites – one of the most basic and pervasive problems of user security in existence.

There’s no real defense for this other than vigilance, and if you see a message like this, simply ignore it. If your “trusted friend” genuinely needs help regaining control of their account, Facebook has resources to assist.

New Facebook Messenger App For Kids Raises Privacy Questions

On the surface, the new Facebook For Kids messenger app looks like a solid win that should put the minds of parents all over the world at ease.

The company conducted extensive interviews and assembled a Blue-Ribbon panel of experts to help them craft the new tool, aimed at children ages 6-12. The app itself is user friendly and filled with bright, cheerful primary colors that appeal to kids, but there are problems, or, at the very least, valid concerns.

For one thing, Facebook has made no mention of how it plans to monetize its new app, other than to say that it won’t contain any advertising. It’s not difficult to imagine some possibilities, however and none of them good.

For another, the company essentially used scare tactics to get parents to sign their kids up for the service, saying essentially that kids are going to chat online anyway, and if they don’t use Facebook’s new offering, they are at greater risk of talking to a child predator.

Then, there’s the issue that Facebook requires the child’s full name, and behind the scenes, the app is busily mapping out the child’s social network – who his parents are, the friends of both the children and their parents and so on.

According to the company, it has no plans to turn children’s accounts into full-fledged Facebook profiles, but given the amount of data being collected, it’s not hard to imagine them offering a one-click export function that would turn these accounts into regular Facebook accounts on the day the child turns 13.

What’s most disheartening of all is the fact that the company could have chosen another, far less intrusive route. Rather than requiring the child’s full name and the establishment of a familial relationship, the app could have been nested directly under the parent’s account, with a nickname or even a colorful symbol used to denote the child. This approach would have been far less data intensive and far less intrusive.

How well the new app will be received remains to be seen, much like the long-term consequences of its launch.

Facebook Has A Major Problem With Fake Accounts

Facebook has been in hot water with evidence mounting that hordes of fake accounts were used to spread misinformation about the recent presidential election.

In addition to sparking congressional hearings, it also prompted Facebook and the other major social media companies to do a deep dive into their own active accounts and get a better sense of just how large and pervasive the problem was.

According to Facebook’s most recent quarterly earnings report, the problem turned out to be a fair bit larger than was first imagined. The company changed their methodology for tracking and identifying fake accounts, which has led to the grim discovery that some 13 percent of the company’s accounts are duplicates, a figure that doesn’t take into account the more than 60 million outright bogus accounts.

According to Facebook’s founder and CEO, Mark Zuckerberg, from in the earnings report: “We’re serious about preventing abuse on our platforms. We’re investing so much in security that it will impact our profitability. Protecting our community is more important than maximizing our profits.”

The problem is going to wind up costing Facebook in a number of ways. First and most obvious, of course, is the unwanted attention caused by the congressional hearings themselves, and the loss of trust it creates in the platform.

More immediately, there’s also the factor addressed directly by Zuckerberg in his statement. The company is spending a ton of money on improving security and rooting out and shutting down duplicate and fake accounts. As he indicated, it’s having an impact on their profitability.

It’s also impacting the company’s ability to generate ad revenue, which, of course, is based on the number of actual users the company can claim are viewing ads. With more than a quarter of a billion duplicate and fake accounts in the system, the network is simply less attractive to advertisers.

There are no simple solutions here, but kudos to Facebook for making significant investments to rein the problem in.

Virus Spread Through Facebook Messenger Mines For Cryptocurrency

Facebook scams are fairly common occurrences, owing to the sheer size of the platform’s user base. It’s no surprise that there’s a new one making the rounds that you should be aware of.

This latest threat was discovered by researchers at Trend Micro, and makes use of Facebook Messenger. If you get a message containing an embedded video file saved as a zip (the file name usually appears as “video_xxxx.zip”), don’t click on it, even if it’s from someone you know.

This file is a modified form of a legitimate piece of software called “XMRig”, an open source project that allows users to mine the cryptocurrency called Monero.

When the user clicks on this poisoned version, it will direct them to a website controlled by the hackers, in addition to quietly installing the corrupted software in the background. Once installed, the hackers put the infected PC’s processor to work for them, creating a distributed network of hash power to solve advanced cryptographic puzzles and generate new Monero “coins” for themselves.

The hackers have gone to some lengths to mask their true intentions. The site appears to be a video streaming service, and users who click on the embedded file will actually see a video playing. Of course, the website is also part of the C&C structure.

There are several intriguing things to note about this new threat:

  • It only affects people who use the Google Chrome web browser
  • It only affects PCs and Laptops. Smartphones are not impacted in any way
  • The miner software is actually controlled via the C&C server, meaning that the hackers can upgrade their malware, adding new functionality in the blink of an eye

So far, the virus has been spreading mostly in south east Asia, but has also begun appearing in the Ukraine and Venezuela. Given the global nature of Facebook’s user base, this is wholly unsurprising, so be on the lookout for it. Don’t click embedded files in Messenger, even if you think you know the sender.

Facebook Post Removals May Soon Get An Appeals Process

There are some big changes coming to Facebook, which may have some serious unintended consequences.

In a recent interview, Mark Zuckerberg indicated that he’s considering allowing users to independently appeal to the content moderation team if their posts get taken down for violating various community policies.

On the surface of it, this seems like it would be a good thing. Zuckerberg said that the move is designed to give people in the Facebook communities what they want, rather than reflecting short-term, profit-driven wishes of the shareholders.

It’s a significant change because as of right now, Facebook only allows for appeals if content was removed for violation of copyright laws. In addition, the appeal must be made via a DMCA (Digital Millennium Copyright Act) notification, which makes it a somewhat daunting process.

Zuckerberg describes the new approach as follows: “So maybe the folks at Facebook make the first decision based on the community standards that are outlined, and then people can get a second opinion.  You can imagine some sort of structure, almost like a Supreme Court, that is made up of independent folks who don’t work for Facebook, who ultimately make the final judgement call on what should be acceptable speech in a community that reflects the social norms and values of people all around the world….I think we can build that internally as a first step.”

All of that looks good on paper, but there are some major problems with this approach.

First,  the company will struggle to find enough volunteers to monitor content and appeals to keep pace with demand.  Given the size of Facebook’s footprint on the web, that’s a very real concern. The new, easier appeal policy is certain to cause the number of appeals to explode.

Second, if not done with great care and forethought, it could further polarize the platform. It could lead to the development of more estranged “information silos,” which runs counter to what the company ultimately wants its global network to be.  In addition to that, it could easily lead to a massive backlash against the company.

Time will tell, but the coming months should be interesting indeed.

Facebook Users Should Assume Their Public Has Been Scraped

First it was 55 million.  Then 77 million.  Now, it’s 2.2 billion, or pretty much every user on Facebook.  That’s how many people should assume that their public profile information has been scraped.

The conversation began when it came to light that Cambridge Analytica (a political research firm) had misused Facebook’s search function to scrap profile data for tens of millions of Facebook’s users to help the Trump campaign win the recent presidential election.

As research into the matter has continued. However, it has become clear that Cambridge Analytica wasn’t the only group misusing the search feature, and that before Facebook disabled it, more than two billion of Facebook’s users had seen their public profile information scraped.

Essentially, Facebook was used to paint a more complete picture of users to build a profile which could be sold on the Dark Web.

Starting with stolen phone numbers or addresses, hackers developed automated routines that fed this information into Facebook’s search function, enabling them to link these bits of information with the names and locations of specific people.  Having a more complete profile in hand made the data that much more valuable on the Dark Web, where it is currently being resold.

At 2.2 billion impacted users, it’s certain that this will be the year’s largest data breach. In fact, this one is likely to hold the world record for quite some time.

Facebook’s CEO, Mark Zuckerberg issued an apology to the company’s massive user base.

Mike Schroepfer, the company’s Chief Technology Officer, had this to say:

“Until today, people could enter another person’s phone number or email address into Facebook search to help find them.  This has been especially useful for finding your friends in languages which take more effort to type out a full name, or where many people have the same name.  However, malicious actors have also abused these features to scrape public profile information by submitting phone numbers or email addresses they already have through search and account recovery…we believe most people on Facebook could have had their public profile scraped in this way.”

Some Private Posts On Facebook May Have Been Exposed

<img class=”alignnone size-full wp-image-8011 alignleft” src=”https://www.securepc-wi.com/wp-content/uploads/2018/07/facebook-post-resized.jpg” alt=”” width=”300″ height=”225″ />Facebook is in hot water again.  Recently, the company admitted that while testing a new feature on the site, they inadvertently made public the posts of more than fourteen million users.  The incident occurred between May 18th and May 22nd and occurred when Facebook was testing a new “Featured Posts” enhancement.

The goal was that users could selectively make posts visible to everyone.  Unfortunately, the error created a situation where any posts users in the test group made were automatically shared to everyone.  The company found and corrected the mistake on May 27th, but during the intervening span of days, any posts those users made were set to global visibility.  Facebook is currently in the process of contacting the impacted users and asking them to review any posts they made during the impact period.

Chief Privacy Officer Erin Egan had this to say: “To be clear, this bug did not impact anything people had posted before – and they could still choose their audience just as they always have.  We’d like to apologize for this mistake.”

Unfortunately, this is not the first time in the recent past that Facebook has gotten into hot water over the mishandling of user data.  Earlier this year, Facebook CEO Mark Zuckerberg had to testify before Congress when it came to light that the company acknowledged they had improperly shared private information pertaining to tens of millions of its users with Cambridge Analytica, which used the information in an attempt to influence the most recent presidential election.

Even if you’re not a member of the test group, if you use Facebook and made any posts between May 18th and May 27th when the company fixed the bug, it pays to review your posts just to make sure that their visibility has been properly set.

Facebook Is Adding New Features, Including Dating 

At this year’s F8 Developer’s conference, Facebook announced a raft of changes and updates it will be rolling out later this year.  Some are fun, others practical, but they’re all interesting.  Here are the highlights:

Get Ready for “FaceDate”

This announcement is interesting. Not so much because the idea of using Facebook to meet someone is new, but because of what the announcement did to the stock prices of existing companies.

The new feature will look and feel a bit like Tinder, with a few important caveats:

  • Your FaceDate profile will be separate from your Facebook profile
  • The app will not match you with your existing Facebook friends
  • Your existing friends will not see, or even know about your FaceDate profile (unless you tell them, of course)

Facebook fanatics will no doubt love this feature, but the news caused the stock prices of two online dating companies to fall sharply. These included Match Group (parent company of Match.com) tumbling 22 percent, and IAC (parent company of both Tinder and Match Group) falling 16 percent.

Third Party App Review Starting Up Again

In the wake of the Cambridge Analytica scandal, the company suspended its third-party app review.  That is re-opening starting Tuesday, so by the time you read these words, app review should once again be in full swing.  The major change here is that the company will now require business verification for apps that need access to specialized API’s or extended login permissions.  Apps asking for basic profile information only will not be subject to this new requirement.

Real Time Language Translations In Messenger

A long-anticipated feature addition, the company is taking a cautious approach here.  When the feature is initially rolled out, it will only translate English-Spanish conversations, with additional languages added incrementally.  In addition to the translation feature, the messenger interface will also get some tweaks and improvements.

“Clear History” Feature Being Added

This one is aimed specifically at the lingering privacy concerns Facebook’s CEO was recently grilled about when he appeared before Congress.  In a bid to increase user privacy, Facebook will now allow its users to see the apps and websites that send Facebook information when in use, and allow users to turn off Facebook’s ability to store that data.  It’s a good first step, but it remains to be seen how helpful it will be in terms of increasing user privacy.  There’s no good way to know that until we get the opportunity to see the new feature in action.

All in all though, a productive conference, with a number of interesting changes ahead.