In the technology world, people are jeopardized by two separate yet equally scary groups: the big tech companies, who care only for monetizing their users’ data; and the opportunistic scammers, who prowl the web looking for victims. These are their stories.

Dear Xxxxxx,

I’m writing this letter to you about your kiddo. Please don’t worry, this is not one of those Are-you-sitting-down? notes. But let me explain something that you might think is a teachable moment:

Facebook recommended your daughter’s profile to me, as a potential friend-connection. I haven’t Friended her, but I did click on her name to look at her profile. And Egad, She’s got too much personal info out there. I am able to view all of this info on her profile, because it’s all set to Public visibility:

  • Complete FB Friends List
  • Name of high school and college, with admission years and major
  • Hometown and current city/state of residence
  • Mother, father, brother and uncle’s names, with links to their FB profiles
  • Birthdate
low-hanging fruit

If I can view this info, then anyone in the world can. I’m thinking about the scammers that are having a field day on Facebook — all of this sensitive info is essentially low-hanging fruit to them. “Easy pickin’s”, if you’re into that country vernacular. And I’m not so concerned about your daughter here, as I am the people connected to her. She’s probably smart enough to dodge the average Facebook criminal, but what about all of her friends and family?

A publicly-visible Friends List is what attracts scammers that clone profiles. In essence, a bad guy could create a brand new FB account, and give it your daughter’s name. S/he could copy and use your daughter’s profile pic. And then they’ll start sending Friend Requests to everyone they see on her F-list. If any of her FB Friends are too trusting or naive or quick-with-the-mouse, then they may connect with an impostor-scammer, who is ready to pretend to be your daughter and con some money from them.

Publicly-visible family connections are interesting to a different type of crook. Sometimes, cybercriminals attempt the “grandparent scam“, where they call a family member and pretend to be someone else in the family. The scam usually starts with a phonecall: “Uncle Ned, it’s me, Saoirse, I’m in NYC and I’m in jail! Can you wire-transfer me some bail money?” In order to carry out these schemes, they study family names & connections and it really can help their ruse hold up. Full disclosure: I unknowingly contributed to a grandparent scam, several years ago. A scammer saw some family names on my FB masthead photo, glommed some specifics about my family, and tried to scam someone important to me. Live and learn, never again!

And showing your hometown and school info to the public is just all-around ill-advised. That info is commonly connected to account security questions, so an identity thief might appreciate this kind of info.

My hot-take on Facebook is this: Mr. Zuckerberg & Co. spares all expense in running their platform, and they are not looking out for their users. When on Facebook, we are not customers, we are simply “the Product.” The scammers are very aware of what Facebook tolerates and ignores, and they exploit that knowledge to their greatest benefit. This has been happening for a long time now, and I have no reason to anticipate any improvement. If we’re going to use Facebook, then it’s up to each user to mind their own safety.

So, if you think your daughter would be receptive to some advice, let her know she should go to her Facebook Profile, and change all of her personal info to be less Public. To the right of the Friends List is a 3-dots button that allows you to Edit Privacy. She can also go through all of the sections under “About” on the profile, and use the Pencil or 3-Dots buttons to up the privacy levels. Personally, I’ve set most of my Profile to the “Only Me” level, but the “Friends” level is good, too. Anything besides “Public!”

And if she makes these improvements, there a tool for her to check herself. If she goes to her Profile, there’s a 3-dots button to the right, just below the masthead photo. She can click that and then go to “View As”. This presents her profile as it appears to the public (to people who are not connected to her on FB). She can traipse through her own profile in this mode and judge if she missed anything that needs hiding away.

Cheers! — Jesse