Too Much Info

Recently I commented on YouTube that we should be very careful about what we share on social media. Specifically, I mentioned that we should avoid posting personal or sensitive facts about ourselves. Consider this ubiquitous example:

Sharing your employment info with the entire internet

I see this post repeated all over Facebook, sometimes with over 500,000 comments. My jaw drops to see so many people publicly reveal their answer to a security question they may have used on an important account.

But beyond advising you to Don’t Comment on These Posts, I want to conjecture a little with you, and suggest how deep the danger can go.

A Fairly Bad Tale

Let’s imagine a guy named Joseph Target. He’s an average guy who is amused by all the fun posts on Facebook. He’s clicked Like on hundreds of Pages that show him jokes and fun stuff. And he comments on everything he can relate to. “I worked at Subway, too! In Springfield, where I grew up. My brother still lives there.” Joe thinks it’s all harmless fun. And you know what? It is, at the time, for most of the people on Facebook.

Until one day, his Facebook account is stolen from him. He thinks it’s a high-level hackjob, but it was a common Messenger scam, that tricked him into giving up his password to the bad guys. He learns about the problem when people start calling him about weird FB Messages coming from his account. He hurries to a computer, goes through the standard account recovery process and then starts sending apologies to his FB friends. All told, it may have only been a few hours that his account was in someone else’s hands. But with a new password in hand, Joe feels like things are resolved, and he settles back into some Farmville games and commenting on posts about favorite hamburger toppings.

But during those few hours? The intruders weren’t just spamming his Facebook friends. They downloaded all of his Facebook info, saved it to their hard drive for future perusal. That includes his every post, every Like, every comment on everyone else’s posts, including all of those fun posts about his first job and mother’s name. Since they had Joe’s password, the process was quick (about an hour) and easy to do.

So as Joe returned to his casual Facebooking, the thieves casually riffled through all of Joe’s posts and other info from Facebook. And the bad guy was able to assemble quite the dossier on Joe, starting with his address and phone and email, and moving on to work history, relatives’ names, where he banks, his first pet’s name, and all kinds of other choice things he’s commented on over the years. All from one download from Facebook.

Are these Facebook phishers going to commit identity theft? Probably not, but they will sell the Target’s info to seasoned criminals, who do know how to steal someone’s identity. They’ll go on to use Joe’s record to open lines of credit, start utilities accounts, and maybe even obtain legal identification, all in his name.

Yes, this is an extreme story. This may not occur with every compromised FB account, but please understood how possible it all is. It does happen.

Safeguards

What can you do about it? For starters, stop posting personal info to Facebook (and other social media). Don’t post anything on Public posts, and review your own account data. Delete what sensitive info you can from their site, like your birthday, hometown, High School. While that info can help long-lost friends find you, it’s also useful to strangers and bad guys.

If you have some spare time, use the Download function to get a copy of your Facebook info and review it yourself. You may be surprised or terrified at what you find in there; it’s almost like reading a diary you’ve been secretly keeping on yourself! But it may help you find other info on your account that you’ll want to change or remove.

Consider turning on 2-factor authentication for your Facebook account. I know, 2FA can be an added inconvenience when logging into your account, but it is an effective safeguard against some bad actor swiping your password. With 2FA in place, someone would have to swipe your password and your phone in order to gain access to your account. That’s highly unlikely to happen!

Ultimately, though, the only certain method to protect your info on Facebook is to close your account. Identity thieves can’t see or copy info from your account, once it’s been deactivated. I don’t expect many of you will delete your Facebook, but just in case, this shows the steps for that.