How to Avoid Facebook Scams

Mark Zuckerberg, founder of Facebook, speaks to advertising partners about targeted advertising.

It's not an exaggeration to say thatonline social network sites have revolutionized the Web. They're at the forefront of the Web 2.0movement and Facebook is one of an elite few leading the charge. Every day, hundreds of people join the Web site to reconnect with old acquaintances and make new friends.

But helping people make connections with each other is just one of Facebook's qualities. Another important element is that Facebook allows application developers to create small programs called apps (short for applications) and use Facebook as a platform. In a way, Facebook is acting like an operating system -- it provides the foundation for smaller applications that tap into the social network's resources.

Arguably, the most important resource is Facebook's user base. Building an app can be time-consuming and challenging; however, Facebook's community includes millions of people, and that gives developers a built-in audience for their work. Without this audience, developers could end up working long hours, creating a program that no one sees or uses. But the nature of Facebook's community helps developers spread their work virally. Facebook members grab the application after seeing it on a friend's profile and soon thousands of people are enjoying the app.

Why do developers create apps? Some developers just want to create a fun application for people to enjoy. The app enhances the user experience on a social network. Others are building programs that are part of a marketing strategy -- they hope the application will nudge users to purchase a particular product or subscribe to a service. A few create applications that gather data in order to create targeted advertising. And some are taking advantage of the open nature of Facebook to create malicious programs or run scams in an effort to con users or cause mischief.

How can you avoid these scams? And what should you do if you fall victim to one?

Facebook Scams

Adrienne Felt, a computer security student, created an app that brought to light some Facebook security vulnerabilities.

Facebook apps come in dozens of varieties with hundreds of examples in each category. There are quizzes, games, tools and other apps that let you rank everything from your favorite albums to the celebrities you'd like to meet. Each of these apps requires you to install a few lines of code to your Facebook profile. From your point of view, all you have to do is click a button on a page, indicate that you accept the user agreement and install the app.

But not all apps are innocent. You should pay attention to what kind of information the app says it must be able to access to work properly. Facebook's privacy policy is built on two principles: Users should have total control over their personal information and they should be able to access the information other users wish to share [source: Facebook]. When you fill out a Facebook profile, you can include information ranging from your date of birth to your address to personal contact information. Facebook also tracks information about how you use the site. If that information remains private, you feel safe. But what if Facebook shared that information with someone you didn't know?

That was a problem with some early Facebook applications. In order to function, most applications need to access some of your information. Early apps would often access far more information than they required. That meant the developers of those apps could access a great deal of personal information about users. Facebook tried to put a stop to this and demanded that developers only request access to information that was necessary for the app to work the way it should.

Facebook points out in its privacy policy that users can choose which information remains private. But it also points out that although it provides privacy protection, no system is perfect. It's possible for developers to find ways around safeguards and access information. It's a good idea to do a little research about an app before you choose to incorporate it into your profile.

Facebook Scam Warning Signs

Video Killed the Facebook Star One of many scams to make the rounds on Facebook was a ploy to get users to visit a fake video site and download malware in the disguise of a video player. Once a user's profile was compromised, the malware would send out messages to that user's friends, claiming the recipient could be seen acting strangely in a video. Curious friends would visit the site, download the malware and the cycle continued.

There are several indicators that can usually clue you in to a scam. Two major red flags that something underhanded is going on are a request for a password or credit card information. Scammers collect passwords or credit card numbers and use that information to take advantage of the victims. These requests might seem perfectly innocent in the context of the app but they should set off alarm bells in your mind. Again, do a little legwork and research the app before you take the plunge.

If an app tries to take you to a new page, pay attention to that page's domain name. Some scammers are clever enough to create a mockup of a real Facebook page with a request for your password. If the domain name seems fishy, you shouldn't insert your password. Pop-up messages that advise you to download or install an additional application after you've already started the process are another potential sign of malware. Installing these programs may infect your computer with a virus.

Sometimes one of your friends will fall victim to a scam and you'll receive messages that appear to be from him or her. These messages usually ask you to visit a link included in the note. You should send a message to your friend to confirm that it's a legitimate link. It's possible your friend's profile has been compromised and the message was sent to you automatically. If the wording of the message seems odd or unlike your friend's normal style, that's another indicator that something questionable is going on.

There's a special name for the way scammers manipulate victims like this: social engineering. While it's true that malicious hackers known as crackers sometimes pierce a system's security by using various software tricks and hacks, it's also common for people to willingly give up information. The scammer just has to make the victim want to share. There are a couple of common ways scammers trick people into sharing:

• They appeal to the victim's vanity with a message that suggests the victim can be seen in a compromising or funny way at a certain Web site. The link to the Web site actually leads the victim to downloading malware.
• They make promises of get-rich-quick schemes.
• They tempt the victim into sharing a credit card number, then commit credit-card fraud.

Next, we'll look at what you should do if you're victim of a scam.

Recovering from a Scam

There are a few things you can do if you're the victim of a scam. What you do depends on what the scammer has done to you.

If you've divulged your password, you should post a message to your friends to warn them that your account was compromised. This might prevent your friends from following any links that will compromise more accounts. Change your password to something hard to guess -- a string of unrelated characters is best. Avoid using the same password for multiple accounts or services -- otherwise you could leave even more of your information vulnerable. You can report the scam to Facebook through the Help Center.

Facebook provides a form for victims of phishing attacks. Phishing refers to the practice of tricking people into sharing private information like credit card numbers and social security numbers. One of the more common phishing scams is known by two names: the Nigerian scam or the 419 scam.

The basic scam goes like this: The person sending the message claims that he or she has a large sum of money that's being held up in another country. With your help, this person will be able to free up the money and will give you an enormous reward. But to get the money, the person needs some of your money first. This is just a cover story -- the person is really trying to steal your money. If you see a message like that, you should use the form provided by Facebook to make them aware of the problem.

Facebook is a powerful social networking site that can help you stay in touch with friends on the other side of the world. There are lots of genuinely fun and useful applications on Facebook. With a little caution, you can enjoy the best Facebook has to offer and avoid being the victim of a scam. Just think twice before you install an app or click on a link.

Learn more from the links:

• Castro, Kimberly. "Watch Out for Phishing Scams on Facebook." U.S. News & World Report. April 30, 2009. (May 1, 2009) 
  http://www.usnews.com/blogs/luxe-life/2009/04/30/watch-out-for-phishing-scams-on-facebook.html
• Consumer Fraud Reporting. "How to Report a Fraud or Scam." 2009. (April 30, 2009) 
  http://www.consumerfraudreporting.org/reporting.php
• Facebook. "Facebook Phishing Scam Awareness Discussion Board." (April 30, 2009) 
  http://www.facebook.com/group.php?gid=9874388706
• Facebook. "Facebook Privacy Policy." Nov. 26, 2008. (April 30, 2009) 
  http://www.facebook.com/policy.php
• Facebook. "Help Center." (April 30, 2009) 
  http://www.facebook.com/help.php
• Leyden, John. "Grifters punt 'get rich quick' scams at Facebook users." The Register. Feb. 19, 2009. (April 30, 2009) 
  http://www.theregister.co.uk/2009/02/19/facebook_scams/
• Mills, Elinor. "Nigerian scammers hit Facebook." CNET. Nov. 10, 2008. (April 30, 2009) 
  http://news.cnet.com/8301-1009_3-10092504-83.html
• Raphael, J.R. "5 Facebook Schemes That Threaten Your Privacy." PC World. Feb 25, 2009. (April 29, 2009) 
  http://www.pcworld.com/article/159738/5_facebook_schemes_that_threaten_your_privacy.html