Saturday, July 23, 2011

By popular request - how not to get phished on Facebook

And what to do about it if you, or someone you follow, is:

I want to touch it - but I shouldn't - but I want to.... Private browsing for beginners

We've all seen it - a friend posts a salacious or silly picture or video, with a comment meant to entice us into clicking - and the next thing you know you've got some obnoxious page posting links all over your wall, without your control. And your friends are all over you because they clicked it too and it's on THEIR wall. This form of Facebook spam is really out of control lately - I see more and more reasonably careful people being attacked by it - heck I even fell for one the other day. But what is a person to do? That link is SO TEMPTING - surely your friend wouldn't post something noxious?

So here's how to safely find out if the link is legit or not - without having to subject yourself to the embarrassment of the links being propagated on your page:

In IE8/9, Chrome and Firefox there is a concept known as "private browsing". Private browsing disables all your normal cookies, and every time you use it, it empties the cache. This way there is nothing left behind by the private browsing experience, and the browsing doesn't have access to your normal cookies (like the one Facebook uses to help applications track what your personal information is). If you do create a cookie within a private browsing session that cookie is deleted when you get out.

In Chrome this is known as an "incognito window" and a new private browsing session is opened from the "wrench" in the upper right by selecting "New Incognito Window". In IE8/9 it is known as InPrivate browsing, and is selected by clicking on the Shield in IE8/9 and selecting "InPrivate Browsing" or on the Gear in IE8/9 and selecting Safety/InPrivate Browsing. In Firefox you go to Tools and select "Start Private Browsing".

OK, so now that we know how to do Private Browsing, how do we use it to check those suspicious links? First thing to do is to create your window using the methods above. Then go back to your original window with FACEBOOK in it - in that window RIGHT CLICK on the link you want to check and choose "Copy Shortcut". Then go to the private browsing window address bar and choose PASTE to paste the address into the address bar. Press Enter to bring up the content. HERE IS THE IMPORTANT PART: NEVER EVER enter any Facebook information into this window. If you are prompted to log in to Facebook to see the contents, or are asked to "SHARE" your Facebook information for a better browsing experience, or get ANY prompt for ANY personal data whatsoever, including asking you to press a Facebook Like button - just close the window. Don't respond to the request, and cease viewing the information, because it's link bait. A legit link will not ask you for this stuff.

Private Browsing does NOT protect you from viruses, or from behavior like clicking on a link and installing malware. You still have to be reasonably careful about what you do in that private window.

Oh no. I clicked it. It phished me - now what......

Now that you've foolishly clicked the link and it phished you and posted to your wall unwillingly - you need to remove all trace of it from your wall so as not to infect others. Click the X next to the post and remove it (or choose remove app if available). This doesn't get rid of everything though. You also want to "unauthorize" that app/page from accessing your personal data:
  • Go to Account (upper right), privacy settings, lower left is apps and websites, click edit settings for using apps.
  • Next to "apps you use", click edit settings.
  • Click the X next to the app that phished you (and next to any other apps you don't really want rummaging around in your personal details).
  • While you're there, go back up a level in privacy settings and click on the edit settings next to "Info accessible through your friends" and uncheck everything there. You don't need to share any of that with friends of friends.
  • If you use apps, have pity on your friends' walls and choose Only Me next to game and app activity, unless it's really a social game and you want to spam your wall with notices.
  • Click through on instant personalization and uncheck it - you don't want random websites you might surf onto to drive-by your personal info and snag it.
  • One of the things that the new sites do is tag your friends in a photo that has a link back to the site. A truly annoying additional bit of spam. You can easily avoid this, however. Go to account/privacy settings, app settings, choose "Info accessible through your friends" and (my recommendation) uncheck everything, or at least uncheck photos and videos I'm tagged in and your wall. Apps other people sign up for shouldn't have access to your information.
  • Courtesy of (Lin Daniel): Not a bad idea to check and be sure they haven't added a page too... It's a tad more complex than editing Apps. In the upper left corner, click Profile. On the right side, under your Profile picture, click Info. Scroll on down to the section labeled Activities and Interests. Click the Edit button. Click "Show Other Pages". Go to the bottom, since most new items are put there, and delete any pages you don't recognize. Scroll on up, and make sure there aren't any other pages hiding in the middle. You might want to check the other "Likes" as well, just to make sure. Yup, it's tedious and time consuming, but it'll bite you if you don't.
If you feel you really NEED to visit the site - heed the warning in my other note about how to check links for phishing first.

Has your friend/acquaintance been Phished and posted something they didn't mean to on their wall...

If so - do them a favor. LET THEM KNOW. The most important part of fixing a phishing incident is education so that the person knows what happened, knows how to fix it and can hide the post off their wall as quickly as possible. This way the post doesn't spread to others who curiously click it. But did you know that you too can play a role in suppressing the objectionable material?
While the person has posted it and not yet removed it from their wall, it still shows up on YOUR wall. If someone is browsing your wall - there's the link to click - they trust it because they trust you and your friends. Now you can't control your friends' posts, but you CAN control what shows up on your wall. After informing your friend (I usually do it as a separate post), simply click the X next to the post (it's hidden, but if you hover your cursor over the post it will show up). Select delete post from wall, and then - to help Facebook identify it as a phishing post - select "Advanced" from the menu that comes up and identify the post as SPAM/SCAM. This will hopefully help Facebook block all posts from that source at some point in the future.

Feel free to pass this note along to your friends. You could save someone from an embarrassing episode.