Online privacy vs. the need to share

I’ve been on the fence about social networking lately. To what extent does it allow us to connect, reconnect and share, and to what extent does it give far too many third parties access to our personal lives?

And when I say “social networking,” let’s have it out in the open: that means Facebook. I mean, it’s possible to overshare on Twitter, but most tweets amount to inane babble that doesn’t reveal much about anything. It’s possible to overshare on MySpace, but that would require people to still be using MySpace when, in general, they’re not. It’s all about the Facebook these days.

Sure, Facebook can be fun. You can find people you haven’t seen in years. Share photos. Make flippant remarks about everything (this is mostly what I do there).

But I think the company is cocky sometimes. They have been guilty of assuming that, just because you want to share a photo with your friends, you automatically want to share it with literally every single person (and company) with an Internet connection. I also heard they were predicting 750 million, then 1 billion, users before too long, after they hit 500 million. Sorry. It isn’t going to happen. Facebook has been the king for a few years, but if there’s one rule on the Internet, it’s that nothing lasts forever. Unless you’re Google, apparently. I digress.

If you still want to use Facebook rather than be an early un-adopter and delete your account, I think it’s okay to do so, but you have to keep a few things in mind. You can’t just click everything that shows up on your screen.

Privacy Settings

Check your privacy settings every now and then. The safest method is to set everything on “Friends Only.” That mostly locks other people out, as far as viewing your photos and reading what you post.

Whenever Facebook introduces a new feature, new layout, or other big changes, it’s a good idea to re-check your privacy settings. In the past, “new look” usually meant “we changed all your settings back to the default, which is everybody in the universe can see everything you post.” A major update just came out, or is about to; I can’t even tell anymore. At any rate, check your settings regularly, just to make sure.

Regardless of settings, your name, location and profile photo are still visible, though. Keep that in mind. Also, if you use any “Facebook apps” (games, etc.), the publishers of those can also access your information. Which brings us to…

Applications/Games

Here’s the short version: just don’t do it. Farmville. Mafia Wars. Happy Aquarium. Farm Wars. Happy Mafia. Whatever. Just avoid them.

See, the problem with these applications is that they are created by third-party vendors, not Facebook itself. While Facebook has a privacy policy in place with regards to your information (bad PR pretty much forced their hand), these other companies might be a little more…free…with your info. It’s better to keep a tighter watch on who has your data.

Plus, these games are just a massive waste of time. You can’t tell me those hours wouldn’t be better spent away from your computer.

Other Things You Can Click On But Shouldn’t

It’s not all just apps and games on Facebook, either. There are always a million things showing up in your friends’ status feeds, often with accompanying links.

Here’s your first rule: there is no app that will tell you who has viewed your profile. It doesn’t exist. There are, however, scams that use this promise to give crooks access to your profile.

Here’s another one: any combination of words like “OMG,” “this really works,” “five things,” or scandalous videos depicting a celebrity currently huge with teenagers (Justin Beiber is the soup du jour), is not going to lead you to what it says it will lead you to. It’s called “likejacking,” and I’ve written about it before.

One more: your friend is not stranded in London, having been mugged. Someone has hacked his account and is trying to get you to wire money overseas.

Basically, if you’re using Facebook for anything beyond connecting with friends, you’re opening your information up to third parties. Some of them just want to advertise to you. Others want to steal from you.

Okay, it’s probably okay to “like” your favorite band’s official page in order to stay updated on new releases and tour dates. And it was funny when that pickle got more fans than Nickelback.

But, really, is all of this necessary? My goal would be to spend less time on Facebook, not more. I started using the Internet in 1995, and I’ll be honest: I’ve gained some weight over those 15 years. I can’t help but wonder if I’d be more fit now if I’d done more face-to-face social networking, and less BBQ-potato-chip-to-face social networking while sitting in front of a computer screen.

Social network phishing

I read an article the other day about Tweets promising free Twitter followers being a phishing scam.

I’d go into details, but it’s the same old story: you click on a link, which takes you to a website that asks for your Twitter username and password. Once the phishermen have this information, they lock you out of your own account and use it to perpetuate the phishing attack or to drive people to other scam websites. The same thing happens on Facebook. When one of your friends suddenly can’t seem to write in coherent language and starts shouting about some iffy product or cheap prescription drugs, that’s a sure sign of a phishing victim.

The thing that bothers me is how well it seems to be working. Why so much emphasis on increasing your Twitter followers?

If you’re a celebrity, I can understand why you’d end up with over a million followers just on the basis of  who you are. If you have a proactive sort of agent, you might even be encouraged to look at your number of followers as a metric of how much “star power” you’ve got.

If you work in the marketing department of a company and have spent six months convincing management that the company really needs a Twitter account, I can understand the desire to get as many followers as possible in a short amount of time.

However, if you’re just somebody who uses Twitter as a communication tool, what reason is there (beyond your ego) for thinking you need to add a hundred random followers (and subsequently falling for this scam)? Unless you’re doing something interesting on the site (telling us what your cat is doing is not one of them), I can’t think of any. For the 99% of us who are “just sorta there,” is there really any advantage to having scads of followers?

You might think this is going to lead into, “What’s the whole point of Twitter, and why don’t you just go outside for once?” but I’ll resist the temptation. Twitter’s neat, and I see the appeal. However, AOL was pretty neat at one time, too.

So have at it—use Twitter. Complain about the cruddy customer service at a store and see how scary-quick they respond to you. See what Pee-Wee Herman and LeVar Burton are up to. But never click on those “add more followers” links, and never, never, ever enter your username and password on a website other than the real Twitter page.

And go outside now and then.

Couldn’t resist.

Ridiculous Spam Friday IX: The Reckoning.

Sometimes I think I could go all the way to “Ridiculous Spam Friday, Part Infinity” and never run out of examples.

Here’s a pretty standard advance fee fraud message:

From: Jiang Jianmin <Jiang.Jianmin@ctcb.cn>
Date: Saturday, May 01, 2010 2:02 AM
To: none
Subject: Very Important*

Good Day,

I have a secured business proposal of $28,272,000.00.Contact me via my private
email(cncn1_jiang_jianmin2011@yahoo.com.cn)if interested.

Mr Jiang Jianmin.

I’ve noticed the “business proposal” scam messages never go into much detail. It’s a different approach than the lottery, inheritance or soldier versions, who often practically write you a novel.

From: Twitter Support <support@twitter.com>
Date: Monday, April 26, 2010 2:20 PM
To: [correct address]
Subject: Twit 32-37

Hi,
You have 2 information message(s)
http://twitter.com/account/message/9A2D6-2395

The Twitter Team

Please do not reply to this message; it was sent from an unmonitored email address. This message is a service email related to your use of Twitter. For general inquiries or to request support with your Twitter account, please visit us at Twitter Support.

This one was sneaky. It looked exactly like a message that might come from Twitter. The link on “Twitter Support” even took you to the real page. However, the link for the “information message(s)” was disguised—it led to a website in Croatia (.hr). Eastern Europe is a hotbed of this type of stuff these days.

From: Reward-Aisle <Reward-Aisle@littleb1tes.info>
Date: Tuesday, March 16, 2010 11:07 PM
To: [correct address]
Subject: Take Our TV Survey. Get a $250 Card.

Are you going to watch the reality mom take the dance floor?      
      
http://littleb1tes.info/c/77gydK5R91-R9aC8lizf3g.html?0     
      
Let us know if you?re over Kate Gosselin or excited for her Dancing With the Stars(R) debut. Then get a $250 Visa(R) gift card FREE, details apply.      
      
http://littleb1tes.info/c/77gydK5R91-R9aC8lizf3g.html?0     
—     
      
Reward-Aisle?s Gift Program is not endorsed, sponsored by or affiliated with Visa, Visa International Service Association, Dancing with the Stars, ABC, American Broadcasting Companies, Inc., or any other merchants listed above. Such terms are registered trademarks of their respective owners.     
      
This promotion is conducted exclusively by Reward-Aisle. Participation terms and conditions apply. To receive the promotional gift, you must: 1) register with valid contact information; 2) complete the user survey; 3) complete the required number of Silver, Gold and Platinum sponsor offers. Available offers will vary and some may require a purchase to qualify. Please refer to the ?Program Requirements? link on the web site for details. Unless otherwise indicated, eligibility is restricted to US residents, 18 and over. Void where prohibited.      
      
UNSUBSCRIBE | http://littleb1tes.info/c/77gydK5R91-R9aC8lizf3g.html?1 | Reward-Aisle | P.O. Box 24017, Dartmouth NS B3A4T4    
     
To remove yourself from this list,
click here http://littleb1tes.info/u/77gydK5R91-R9aC8lizf3g.html
or write to us at:
PO Box 7775
San Francisco, CA 94120

I don’t know if this is a scam, a setup for drive-by downloads, or just some really bad advertising. And I don’t care, because it’s complete garbage.

When you get a message like this, the only action to take is to delete it. You don’t even want to use that link to remove yourself from their list, because these people don’t need to know that your address works.

You’re not getting a free iPad. Nobody is getting a free iPad.

Facebook and Twitter are, once again, just lousy with a new scam. This time it involves Apple’s latest device, the iPad.

The iPad is…well, I guess it’s sort of like a giant iPhone, except you can’t make phone calls on it. It’s one of a new category of devices called “tablet computers.”

Personally, I think they’re sort of dumb. They might be good if you’re solely a consumer of content, but they seem limited if you’re actually creating content (video, music, writing, etc.).

I’m sure it will be a big hit anyway; there is a very large, dedicated population that answer “Strongly Agree” to the survey question, “I will always buy any new product Apple releases.” Maybe I’m just not hip enough to get it. I don’t look anything like the people in Apple commercials.

However, since this object has a huge buzz surrounding it, there are already a thousand “Free iPad” scams popping up, many on Facebook and Twitter. In fact, I just did a search on “Free iPad” on Twitter, and there are several new scam messages being posted every minute.

The thing is, this whole scenario seems really familiar. In fact, it’s just one letter away from the “Free iPod” scams that were all over the Internet seven or eight years ago. The only difference is that Facebook and Twitter didn’t even exist back then. The opportunity for scammers to spread their message has grown exponentially—in 2002, they mostly relied on popup advertisements and spam email.

Oh, you say the link took you to a Facebook fan page with thousands of comments from people who claim to have received a free iPad?

Those are fake. It is so extremely easy to create fake positive comments from fake users. You have to just ignore this garbage, no matter how realistic the offer may seem.

For one thing, the iPad hasn’t even been released yet. So there’s no way all these people on Twitter posting “Just playing with Ashley’s new ipad. It was free just for giving an email address at this website” are telling the truth. I’m guessing a lot of these are hacked accounts, but many of them have usernames that follow a specific pattern, which means the accounts were created solely for running a scam. The thing is, even if you know an Ashley and someone you know and follow on Twitter posts this message, ignore it. Tell your friend they’ve been hacked, though.

I’m not sure what happens if you follow the links in these messages. According to what I’ve read, many ask you for a cellular phone number, and then sign you up for a $40/month “service.”

The service? Taking $40/month away from you. I’m sure there are others that take you to infected sites that load your computer up with malware.

The bottom line here is this: nobody is giving away free iPads. Apple doesn’t send thousands of free anything to random people for evaluation. There’s still this lingering myth that the Internet is full of offers like that (“Git on the Innernet n’ you get all kindsa free stuff!”), and I’m not sure where it comes from. It’s not true and it never has been. I’ve been using the Internet since around 1994 and I’ve never once seen a legitimate offer.

Apple is a company that has a singular vision; they already know what their audience wants. Testing is done in-house, not by sending out millions of dollars worth of product for free. By the time it’s at the booth at the Consumer Electronics Show, it’s been tested a million times by people the company knows.

Want one? Cough up.

LongURL: How to see where a shortened URL takes you before you click.

Twitter (and to some extent, Facebook) have seen the rise of the URL Shortener.

When you want to share a link on Twitter, you run into a problem: the web address you need to paste takes up most or all of your allotted 140 characters, which leaves no room for your commentary, or extends beyond 140, which renders the link useless. However, sharing links is about half of what people use Twitter for (other than pointless babble and talking about what they just ate. Amiright?).

Along came the URL shorteners.

With a URL shortening website, you can enter a long web address, and the site will create a link that only uses up a few characters, which leaves room for you to tell people exactly what the link is.

For example, if you wanted to point to this article on Twitter, you could paste this link:

http://fraudpreventionunit.org/2010/01/12/longurl-how-to-see-where-a-shortened-url-takes-you-before-you-click

Or you could use this:

http://bit.ly/cMIkCZ

The first one uses up 109 characters, which only leaves you room to say “Cool!” or something, which makes the link look suspicious. The second link only uses 20, which leaves you 120 characters, more than enough for a short sentence or explanation.

Bit.ly is just one of the popular URL shorteners. Others that spring to mind offhand are Ow.ly, Tr.im, and Tinyurl.com. WordPress has its own service, too; Wp.me.

Now, here’s the problem. When you look at a shortened URL, there’s no way to tell where it takes you. Of course, you can look at the text it was pasted with, but there’s a problem there, too: several years ago, somebody discovered that it’s possible to lie on the Internet.

What this means is that a person with questionable intentions could post a shortened URL and tell you it’s a link to an interesting video or article, but have the link actually take you to a site that will install some form of virus or spyware (read: financial and identity theft risk) onto your computer.

Along comes LongURL, a shortened URL decoder.

LongURL is a site that allows you to paste a shortened URL and it will tell you the address of the site it points to. It’s sort of like a reverse phone lookup.

It’s not just a website, either. If you’re using Mozilla Firefox as your web browser (and, to be honest, you really should be), you can install LongURL as a plugin. This means you don’t have to visit the LongURL website every time you want to expand a URL.

“But,” I can hear some of you saying, “isn’t it awfully inconvenient to have to check out every shortened URL before I click it? I don’t want to slow down!”

Well, that’s one of the attitudes that keeps Internet crime so lucrative. It’s been a long time since malware was the exclusive domain of nerdy suburban kids and college students trying to cause disruptions or simply stroke their own egos by putting out a widespread and annoying (but relatively harmless) virus. These days, most of the people creating malware and using all these different tactics to distribute it are involved in organized crime and/or terrorism (or at best, extremely scummy marketing practices). It’s all about money now.

When you insist on unconsciously following any link you feel like following, without taking a moment to consider the possible consequences, all in the name of not wanting to slow down, you’re playing right into these criminals’ hands. It won’t be long before you fall for a shortened URL phishing attack and end up with a computer just brimming with bad juju.

I mean, it’s hard enough to keep your computer clean if you are paying attention, what with so much of the software industry’s insistence on rushing sub-par products to market that are vulnerable to things that, frankly, should have been eliminated 15 years ago (all in the name of speed, as usual). If you’re just blindly speeding along and not taking a couple seconds to look where you’re going, you’re going to run into something nasty before too long.

Ask yourself this: “Would I rather take an extra five seconds to check out what this URL is pointing to, or would I rather end up with a computer full of viruses (which could take hours or days to fix) or an identity theft situation (which could take months to fix)?”

Go to LongURL. Pay attention. Stay vigilant. Slow down.

Online Scams Epilogue: How to actually make money on the Internet

So, how do you make money on the Internet?

Perhaps I’ve given the impression that it can’t be done, but that’s not true. However, the answer may not be what you want to hear.

Basically, you have to have something or create something that other people want, and figure out how to deliver it over the Internet.

The easiest way is the most obvious: sell things on eBay. If you have a supply of antiques, collectables or anything else lots of people desire, create an eBay account and go for it. It’s probably not going to be a full-time career or bring you millions of dollars (unless you’re extremely shrewd), but it can be a source of income that doesn’t involve a ton of work on your part.

Other than that, you pretty much have to create something. If you make things by hand, there’s a site called Etsy that allows you to put up a “store” for your wares. Again, it’s probably not going to be a career, but it’s a way to leverage a hobby into extra income.

The blogging world has some success stories. A lot of sites (I Can Has Cheezburger? comes to mind) that have become cultural icons are essentially using a fairly standard blog format. They mostly generate income through advertising revenue (and some of them get book deals later on).

It’s tough to do, but it can be done. Remember; Google, Yahoo!, MySpace, Facebook and Twitter were all created by small groups of people with ideas for sites people might like.

So that’s how you make money on the Internet: create content that people want, or sell a service or product. Perhaps there was a time when putting up a page with nothing but paid links to other sites would have worked, but those days are long gone. The Internet just isn’t “neat” enough anymore, in and of itself, for that sort of thing to work. You’ve got to create your own business on the Internet. It’s not easy, and you might fail over and over, but I hear it’s a pretty sweet life when it works.

The Internet is just crawling with these people

Just as an illustration of how careful you have to be when it comes to credit repair/credit counseling/etc. on the Internet, after I posted yesterday’s article I also updated the FPU Twitter feed. The update contained the words “credit repair,” because I was stating how many of them were scams.

This morning I had three new followers on Twitter.

Every one of them was from a credit repair scam business. The first one was obvious…every post contained the same URL, they were following a thousand people but had three followers. The second was from a place with a D- rating by the BBB. The third had a big, fat F.

Needless to say, I blocked all three. Then I found a few that I’d missed, hiding out in my list of followers. I’m not allowing these criminals (which is what they essentially are) to follow the FPU on Twitter.

They’re watching Twitter for the words “credit repair” and latching onto anyone who mentions it. Not on my watch.

I may start calling them out by name every couple weeks if it happens enough to annoy me. I’ll just post their Twitter names, their business names, and their ratings from the BBB. And a warning that the Fraud Prevention Unit recommends you do NOT contact these businesses.

If they are contacting you first, it’s a scam. Pure and simple. There are legitimate credit counselors in your area. Do the research if you need their services. You can’t afford not to.