Showing posts with label facebook. Show all posts

Friday, November 15, 2013

Facebook requires you change your password if it is the same as your Adobe password.

We’ve recently heard of the massive breach at Adobe, in which the private data of 38 million users was leaked. Now Facebook is requiring you to change your password if it is the same as the one you used on your Adobe account.

Users who have the same combination of email and password for both accounts are being automatically locked out of their Facebook accounts. They must answer several questions before access is granted, and then create a new password as a safety measure.


Facebook users may be greeted with “Someone May Have Accessed Your Account”.

Although Facebook has not been directly affected, they want to make sure your account isn’t at risk, since hackers often use your email and password to access multiple accounts.

Unfortunately, many people use the same password for all their accounts, which is a major security risk.
For tips on how to create a safe and secure password, go to our recent blog post.

Facebook hasn’t revealed how many of their users were affected, but password information is publicly available on the internet via several password “dumps”.

Adobe has confirmed around 38 million active users may have had an ID or encrypted passwords accessed by unknown attackers in a breach earlier in the year.

Three million users are estimated to have their data accessed, but the attackers appeared to only want the source code for Adobe’s Acrobat software.

Half a million craftier customers chose “123456789”, according to a report by The Register, quoting researcher Jeremi Gosney, a self-styled “password security expert” who found the passwords in a dump online.

Always create a new password for each individual account. Once someone gets hold of one of your passwords, they can access your whole life if they want to.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

References:

Facebook helps out users who used same password on Adobe – by blocking them – We Live Security
http://www.welivesecurity.com/2013/11/13/facebook-helps-out-users-who-used-same-password-on-adobe-by-blocking-them/

Tuesday, September 17, 2013

Iranians had Social Media Access due to Glitch

On Monday evening, Iranians had a few hours of access to their Facebook and Twitter accounts due to a technical glitch in the system. This was the first time in four years that Iranians were able to get into their social media accounts, because the government has put a ban on the sites over protests of the Islamic revolution.
It was also the first time they gained access to their accounts without having to get around the firewall put in place by the government.




Speculation about the eased censorship points toward President Hassan Rouhani, who succeeded Mahmoud Ahmadinejad last month. The re-election in 2009 sparked demonstrations, in which social media played a large part.

Although access has been blocked again, Abdolsamad Khoramabadi, secretary of a state committee, said the access was most likely caused by a technical malfunction at Iranian Internet service providers (ISPs).

Service providers are being investigated.

Officials, including Foreign Minister Mohammad Javad Zarif, have created Facebook and Twitter profiles, hoping the sites would soon be unblocked for them to access.

Many Iranians use proxy servers to trick the system into believing they live elsewhere, so they can access the social media sites.

Arash Tajik, an IT administrator in Tehran, said he thought the blip, which meant he could get into his Facebook without a proxy server at his office Monday, was a test, because on Tuesday, when he tried to access it from home, it no longer worked.

Signs of Change

President Rouhani, who has pledged to relax political and social media restrictions in Iran, has not claimed responsibility.

The lift could also have been part of a trend in diplomacy; Foreign Minister Javad Zarif tweeted, “I had a very constructive meet in Bishkek with Chinese Foreign Minister, followed by an excellent hour-long meet between the two presidents.”



International executives at Facebook and Twitter had no comment on the development.
One Iran expert based abroad said controls had briefly been removed not only for Twitter and Facebook but for other sites, including pornographic ones. This is due to an SSL Web security tool.

Amin Sabeti, a British-based expert on the Internet in Iran stated, “Iran has invested millions of dollars for its filtering system and it is clear that the regime will not give up Internet censorship very easily.”

Other signs of relaxed social controls include Mohammad Javad Zarif and Supreme Leader Ayatollah Ali Khamenei using their Facebook and Twitter profiles to engage users and publicize ideas.

Some are still speculating it is an experiment for the U.S. to use the social media sites, like Google uses technology, to block certain kinds of activity.

Arash Tajik, an IT administrator in Tehran, said he believed this was done by authorities, that they are testing the situation to see what happens and if they can control the situation or not.

Do you think the block should be taken off the Iranians? Please share your thoughts below.


References:
‘Glitch’ gave Iran social media access – Aljazeera
http://www.aljazeera.com/news/middleeast/2013/09/201391781149630189.html
September 17, 2013
Iran ends brief social media access, calls it glitch – Yahoo News
http://news.yahoo.com/technical-glitch-gives-iranians-access-facebook-twitter-official-080556704–sector.html
September 17, 2013

Friday, August 30, 2013

Facebook Users Passwords Harvested by Browser Malware

Don’t trust everything you see on Facebook.  Especially if it’s a message from your friends saying you have been tagged by them.
Malicious software is appearing as a link in an e-mail or Facebook message telling people they have been tagged by a friend in a Facebook post. When users go to Facebook and click on this link, they are sent to another website and prompted to download a browser extension or plug-in to watch a video, said Carlo De Micheli, an independent Italian security researcher.
Once the plug-in is downloaded to the computer, attackers can access everything stored in the browser. This includes all accounts and saved passwords that are automatically saved to your computer when you visit a site. For this reason, it is important to tell your computer NOT to save your passwords.

Facebook Scam Video
Photo Credit: Bits

 
Mr. De Micheli said this malicious software has been spreading at the rate of 40,000 attacks an hour and has affected more than 800,000 people using Google’s Chrome browser. The malware replicates itself by hijacking victims’ Facebook accounts and then attacking all their friends’ accounts.
This malware blocks access to the browser settings that allow it to be removed and also blocks access to websites that offer virus removal software. The attackers have now released another version of this malware targeting Firefox users.

“When we detect items containing malware or learn of them through reports, we remove them from the Chrome Web Store and from active Chrome instances,” said the spokeswoman, Veronica Navarrete, in a statement. “We’ve already removed several of these extensions, and are continuing to improve our automated systems to help detect them even faster.”

Mr. De Micheli said the attackers appear to be of Turkish origin, based on comments embedded in the software.
This is not the first instance of an attack through browser extensions, which are software that allows a Web browser to perform specific functions, like a smartphone app does. This attack appears to be one of the most extensive in its usage of the technology.
Remember when you were told not to click on attachments? Now the same goes for browser add-ons: you may be allowing an attacker access to your accounts.

References:
More than 800,000 Facebook users fall victim to password-harvesting browser malware, researcher claims – WeLiveSecurity
http://www.welivesecurity.com/2013/08/29/more-than-800000-facebook-users-fall-victim-to-password-harvesting-browser-malware-researcher-claims/
August 29, 2013
Malicious Software Poses as Video From a Facebook Friend – Bits
http://bits.blogs.nytimes.com/2013/08/26/malicious-software-poses-as-video-from-a-facebook-friend/
August 26, 2013

Friday, June 21, 2013

Are Facebook and Microsoft Giving the Government your Personal Information?

Microsoft, Facebook Make No Mention of Government Requests


Earlier on, Microsoft and Facebook had requested that their users input personal data, and said that this was at the direction of US government authorities. When asked later what matter the information was for, the companies said only that they are still unable to disclose it. Some say that it was to help the search for a missing child. However, many people are upset by the way the companies sidelined the users and did not make any mention of the reason for taking personal data from them.


Why People Are Upset


Some information may actually have been needed for certain operations regarding national security. But the people of America feel that, having been active participants in the matter, they deserve some reconciliation. They feel they should know how allowing their personal details to be given to the government has helped. It is understandable that this may have been for a very good cause; however, some are unhappy at the breach of privacy without good reason so far.


Facebook and Microsoft’s Comments on the Matter


The companies mentioned on their corporate blogs that they have been swamped by thousands of queries and comments sent in by users. They also mentioned that they are allowed to give out any data which the government deems to be a matter of national security. This may even include FISA Orders or Directives, according to John Frank, the current deputy counsel at Microsoft.


References:

Facebook can now say more on user surveillance
http://www.foxnews.com/tech/2013/06/15/facebook-can-now-say-more-on-user-surveillance/
Published June 15th, 2013

Facebook Microsoft Government Broader Surveillance Revelations
http://www.nydailynews.com/news/national/facebook-microsoft-government-broader-surveillance-revelations-article-1.1373545
Published June 15, 2013

Microsoft and Facebook Release Number of National
http://www.fool.com/investing/general/2013/06/15/microsoft-and-facebook-release-number-of-national.aspx
Published June 15, 2013


Image courtesy of [Free Digital Photos] / FreeDigitalPhotos.net

Tuesday, May 28, 2013

Security Flaw Found in Facebook Pages Manager App for Android

Facebook Patches Privacy Flaw In Pages Manager For Android ...

Over the weekend, Android Police received a tip about a serious privacy hole in Facebook Pages Manager for Android that made some privately uploaded photos public. Shortly after the details of this issue went public, Facebook Security got in touch ... a fix had been rolled out server-side, and no app update was necessary.

 

Serious Privacy Flaw In Facebook Pages Manager ... - Android Police
www.androidpolice.com/.../serious-privacy-flaw-in-facebook-pages-man...

2 days ago – Update 5/26/13 11:30pm PT: Rory from Facebook Security has informed .... Facebook Pages Manager App Updated To 1.4 With Photo Albums, ...




Privacy Flaw Found in Facebook Pages Manager ... - Softpedia News
news.softpedia.com › NewsTelecomsMobile Blog

1 day ago – Privacy Flaw Found in Facebook Pages Manager for Android. ... Facebook Messenger and Facebook Apps Updated on Android · Oppo Find 5 ...



Flaw in Facebook Pages Manager for Android makes your private messages public
http://tech2.in.com/news/android/flaw-in-facebook-pages-manager-for-android-makes-your-private-messages-public/874420


If you have Facebook’s Pages Manager application installed onto your Android devices to access your pages at any time of the day, you need to beware. If you plan on sending an image as a private message to a fan of your page, chances are that the image will get posted onto your wall for all your fans to see.


 

Wednesday, April 17, 2013

Spammers Exploit Boston Marathon Bombing to Spread Malware

Warning! Click with caution if you receive unsolicited emails or find yourself wanting to click a website link related to the deadly bombing attack at the Boston Marathon on Monday.

Antivirus firms Avira and Sophos, along with email security provider AppRiver have already intercepted emails from spammers aspiring to dupe users into following malicious links by offering links to video footage of the attacks.

There are a variety of domain names and subject lines associated with this spam campaign; some of the subject lines in use are:

  • Explosion[s] at Boston Marathon

  • Boston Explosion Caught on Video

  • Aftermath to explosion at Boston Marathon

  • Video of Explosion at the Boston Marathon 2013

  • Runner captures. Marathon Explosions

  • 2 Explosions at the Boston Marathon


The body of the email appears to contain nothing more than a link pointing to a website that has legitimate videos from the attack. However, that same site is rigged with malicious code that will attempt to exploit Java plugin vulnerabilities in order to drop a backdoor Trojan on your machine.

Avira identifies the threat as TR/Crypt.ZPACK.Gen, while Sophos identifies it as Troj/Tepfer-Q.

Upon a successful infection, TR/Crypt.ZPACK.Gen (or Troj/Tepfer-Q) will modify the system registry and connect to a remote server, granting an attacker remote access to the affected PC.

Tips to Keep Your PC Safe


Avira warns that malicious links may also be posted on Facebook, so users should also exercise caution when following links shared on social networks. Here are a few other bits of advice to help keep your computer malware-free:

  • Do not click links or download files attached to unsolicited emails.

  • Stick to the official websites of your favorite news channel to get the latest updates.

  • Keep your operating system and installed third-party software fully patched and up-to-date.

  • Always run antivirus software and keep the virus definitions current.


Did You Already Fall for It?


Both Avira and Sophos offer security products capable of detecting and removing the malware being spread by these online attacks. So if you have the sinking feeling that you may have followed a bad link, you may want to try performing a full system scan using one of their products.


Friday, March 15, 2013

Facebook Pushes App Update to Android Users.... Outside of Google Play

Oh Facebook, WHAT are you doing?

There are reports that Android users that have the Facebook app installed on their devices are being nagged to download and install an update – OUTSIDE of Google Play.

While at first glance this may appear as if there were a bit of malicious activity going on – as authentic app updates are usually delivered via Google Play – it is actually a legitimate update that Facebook says they’re rolling out to a small number of users.

The reason why they decided to push it outside of the Google Play store is still left unclear, but hey, it’s not like it’s the first shady thing they’ve done with the Facebook App for Android.

Obviously this update cannot be applied unless the device is set to allow applications from “Unknown sources” (aka outside of Google Play) to be installed, but enabling this setting is obviously not recommended for security reasons.

Facebook claims that only users with WiFi enabled will get the update notification; however, complaints within the Help Center conflict with that statement. Judging from the thread, I’d say Facebook users are wondering why the social networking giant thinks they’re above pushing updates via Google Play like everyone else.

What are your thoughts on this? Would you install this update on your Android device?


Tuesday, March 5, 2013

Phishers Impersonate Mark “Zurckerberg” to Hijack Facebook Accounts

Facebook users should be wary of phishing emails signed by a “Mark Zurckerberg” stating that their Facebook account may be permanently suspended due to TOS violations unless they verify their account.

The email is a sham, and recipients that click the embedded verification link will be taken to a spoofed Facebook login page designed to steal their login information.

Users may not suspect that something is amiss until they’re redirected to the ‘Help’ section of the real Facebook site after supplying their login credentials, but the damage will already have been done at that point.

The miscreants behind this scam will already have the victim’s login information, which can be used to take over the victim’s Facebook account and pose as the victim and/or launch additional scam/spam campaigns.

Here’s an example of an email associated with this scam:
Mark Zurckerberg

Dear Facebook user, After reviewing your page activity, it was determined that you were in violation of our Terms of service.Your account might be permanently suspended.

If you think this is a mistake,please verify your account on the link below.This would indicate that your Page does not have a violation on our Terms of Service.

We will immediately review your account activity,and we will notify you again via email.
Verify your account at the link below:

=========================================
Link Removed
=========================================

Protect Your Facebook Account


Users can minimize their chances of falling for this Facebook phishing scam, or any others, by following these few bits of advice:

  • Access your account safely by manually typing in the URL in your address bar or using your bookmarks instead of following hyperlinks.

  • Always double-check the URL in your address bar before entering any confidential information, including login credentials.

  • Beef up your Facebook account security by enabling login notifications and login approvals.


Did You Fall for This Scam?


If you have already fallen for this scam:

[via Hoax-Slayer]


Thursday, February 21, 2013

So, the McDonald’s “African-American Tax” Hoax is Back

Some of you may have already seen it (depending on how gullible your Facebook friends are), but judging from the recent warning from Sophos, it appears as if the McDonald’s “Black Tax” hoax is back.

If you see the image below, don’t fret: McDonald’s isn’t charging African-American customers an extra $1.50 per transaction “as an insurance measure due to a recent string of robberies.”

It’s not true, it’s just a 4chan prank gone wrong.

McDonald's Black Tax Hoax Image



PLEASE NOTE:
As an insurance measure due in part to a recent string of robberies, African-American customers are now required to pay an additional fee of $1.50 per transaction.

Thank you for your cooperation,
McDonald’s Corporation
(800) 225-5532

History of McDonald’s “Black Tax” Hoax


According to Gawker, the hoax image originated from 4chan ~2007, was posted on McServed.com in June of 2010 and somehow went viral in June of 2011.

Of course this created a field day for McDonald’s PR team as Twitter users retweeted the picture & shared their thoughts in 140 characters or less. McDonald’s took to its social media accounts to reassure everyone it was a fake image, but some people just weren’t buying it.

Still, the phone number listed on the phony flyer should be a hint – it’s actually the customer satisfaction line for KFC!

If you see anyone sharing this image, be sure to clue them in on what’s going on, and try not to spread the hoax any further.


Friday, December 21, 2012

'Change Your Facebook Color' Scam Tricks Users into Downloading Malicious Chrome Extension

Cybercriminals are doing all they can to take advantage of Facebook users that [for whatever reason] want to change the site’s theme color.

Dozens of internet scams have popped up in the past, promising to give Facebook users the ability to change Facebook’s signature blue to another color, such as pink or black. Most of these offers turned out to be nothing more than a survey scam, but there were some that were just a way for the scammer to take over the victim’s Facebook account.

The goal of the latest version of the Facebook color-changing scam, however, is to get users to download a malicious Chrome extension.

Potential victims are first exposed to this scam after receiving a Facebook event advertising a Tumblr page, titled ‘My Friends Can Change The Facebook Color’ that will redirect them to another site offering the rogue Chrome extension.


Screenshot Credits: Webroot


Once installed on the victim’s browser, the extension runs a script that will keep the scam going by:

  • creating a new Tumblr page that redirects to the page promoting the Chrome extension

  • creating a new Facebook event promoting the offer & directing users to the freshly-created Tumblr page

  • inviting all of the victim’s friends to the event


As Webroot researchers have pointed out, the real danger lies within the fact that the rogue Chrome extension will have access to all of your data on all websites along with access to your tabs and browsing history.  That’s a lot of information you don’t want in the hands of a scammer.

Honestly, changing the Facebook website colors isn’t important enough to risk having sensitive information stolen – or having your account taken over by an attacker (if that’s the goal of the scam).
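The broad access Webroot describes is declared in an extension's manifest.json, so it can be checked on disk. The following Python audit is an added example, not code from the original post or from Webroot; it flags manifests that request all-site host access, tabs or history, and walks Chrome's `Extensions/<id>/<version>/manifest.json` folder layout. The sample manifests are constructed and the function names are this example's own.

```python
"""Flag Chrome extension manifests that request the broad access described above."""
import json
from pathlib import Path

# Real Chrome match patterns that cover every website.
ALL_SITE_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Real Chrome API permissions tied to the risks named in the text.
SENSITIVE_APIS = {
    "tabs": "can see the URL and title of every open tab",
    "history": "can read browsing history",
    "cookies": "can read cookies for the hosts it has access to",
    "webRequest": "can observe requests to the hosts it has access to",
}


def audit_manifest(manifest):
    """Return a sorted list of findings for one parsed manifest.json."""
    if not isinstance(manifest, dict):
        return ["manifest is not a JSON object; inspect manually"]
    requested = set()
    # Manifest V2 lists hosts under "permissions"; V3 uses "host_permissions".
    for key in ("permissions", "optional_permissions", "host_permissions"):
        values = manifest.get(key) or []
        if isinstance(values, list):
            requested.update(p for p in values if isinstance(p, str))
    findings = [f"host access to all sites via {p}"
                for p in requested & ALL_SITE_PATTERNS]
    findings += [f"{api}: {SENSITIVE_APIS[api]}"
                 for api in requested & set(SENSITIVE_APIS)]
    # Content scripts run inside every page that matches their patterns.
    for script in manifest.get("content_scripts") or []:
        matches = script.get("matches") or [] if isinstance(script, dict) else []
        broad = ALL_SITE_PATTERNS & {m for m in matches if isinstance(m, str)}
        if broad:
            findings.append("content script injected into every page ("
                            + ", ".join(sorted(broad)) + ")")
    return sorted(set(findings))


def audit_profile(extensions_dir):
    """Audit every <id>/<version>/manifest.json under an 'Extensions' folder.

    Returns {extension_id: findings} for extensions with at least one finding.
    If several versions of one extension are present, the last one read wins.
    """
    report = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        ext_id = path.parent.parent.name
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            report[ext_id] = ["manifest could not be parsed; inspect manually"]
            continue
        findings = audit_manifest(manifest)
        if findings:
            report[ext_id] = findings
    return report


# Constructed sample manifests (not taken from any real extension).
SAMPLE_COLOR_CHANGER = {
    "name": "Color changer (constructed sample)",
    "manifest_version": 2,
    "permissions": ["tabs", "history", "<all_urls>"],
    "content_scripts": [{"matches": ["*://*/*"], "js": ["inject.js"]}],
}
SAMPLE_NARROW = {
    "name": "Single-site helper (constructed sample)",
    "manifest_version": 2,
    "permissions": ["storage", "https://example.com/*"],
}

if __name__ == "__main__":
    for sample in (SAMPLE_COLOR_CHANGER, SAMPLE_NARROW):
        print(sample["name"])
        for line in audit_manifest(sample) or ["no broad access requested"]:
            print("  -", line)
```

An empty result only means the manifest does not ask for these particular permissions; it does not show that an extension is safe.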

Did You Fall for this Scam?


If you've already fallen for this scam, it is recommended that you:

  • Delete the Facebook event.

  • Remove the Chrome extension from your browser

    • Click the Chrome 'Menu' button

    • Select Tools

    • Select Extensions

    • Click the Trash icon next to the extension

    • Click 'Remove' in the confirmation dialog



  • Warn your Facebook friends about this scam & advise fellow victims to follow these same steps.


Make sure you steer clear of any offers to change Facebook theme colors in the future!


Monday, December 17, 2012

Phishing Page Offers Fake Security App to Facebook Users

Would you believe an app that promised to protect your Facebook account from being hacked?

Symantec researchers recently found that cybercriminals had set up a phishing site offering a Facebook app that allegedly protects your account from hackers. The irony in this scam, of course, is not only the fact that it sets user accounts up for hijacking, but the fact that it’s so poorly carried out.

While the scammers did put effort into spoofing the Facebook site design, the phishing page is hosted on a free web-hosting site and for some reason has an image of a fake Facebook stock certificate at the bottom of it.

To install the app, users must provide their Facebook login information and then enter a confirmation code, which researchers found is always “7710.” After entering the requested information, users will see a confirmation page that thanks them for “using this service” and states that their Facebook account will be secure in 24 hours.

That should be plenty of time for the scammer to log in and take over their Facebook account.

Protecting Your Facebook Account


If security is a concern, users can keep their Facebook account safe from hackers by following these safety tips:

  • Use a unique, strong password for your account. (Don’t share your password either!)

  • Enable secure browsing (https) on your Facebook profile.

  • Enable login notifications, text message notifications & login approvals under Facebook’s security settings.

  • Use Facebook’s App Center to find and install Facebook apps.

  • Always check the URL before entering Facebook login credentials.

  • Exercise caution when checking email (no clicking links or downloading files attached to unsolicited emails) and surfing the web.

  • Keep your operating system & antivirus current to minimize the chances of malware infecting your machine.


[via Symantec]


Monday, November 12, 2012

PharmaSpam Has Users Thinking a Lot Has Happened on Facebook

Has a lot happened on Facebook since you last logged in? Has it, really?

It depends… on whether or not that notification email sitting in your inbox is really from Facebook, which it may not be.

Yes, it appears that spammers are once again sending out fake Facebook notices to try and generate traffic for their pharmaceutical websites.

Here’s a copy of the Facebook spam I received on Sunday:

Fake Facebook Email



From: Facebook (notification+queejvx5vf7bh@server-193-237.tanduc.com)
Subject: A lot has happened on Facebook

Facebook

A lot has happened on Facebook since you last logged in.

3 messages awaiting your response.

[Go To Facebook] [See All Notifications]

This message was sent to [YOUR EMAIL]. If you don't want to receive these emails from Facebook in the future, please click: unsubscribe.

Facebook, Inc. Attention: Department 415 P.O Box 10005 Palo Alto CA 94303

Not a single link in this email points to Facebook; they all go to a third-party site that redirects to an illegal Rx website.
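The check that this post and the earlier phishing tips describe, comparing the sender's domain and the real host behind every link with Facebook's own domains, can be automated. The Python below is an added example, not part of the original post. It reuses the From address quoted above; the link targets, the trusted-domain list and all function names are assumptions of this example.

```python
"""Check whether a "Facebook" notification email really points at Facebook."""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption of this example: the domains a genuine notice is expected to use.
TRUSTED_DOMAINS = ("facebook.com", "facebookmail.com")


def host_is_trusted(host, trusted=TRUSTED_DOMAINS):
    """True only for a trusted domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)


class _HrefCollector(HTMLParser):
    """Collect the href of every <a> tag, ignoring the visible link text."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href.strip())


def extract_links(msg):
    """Return link targets from the HTML body, or bare URLs from a text body."""
    part = msg.get_body(preferencelist=("html", "plain"))
    if part is None:
        return []
    text = part.get_content()
    if part.get_content_type() == "text/html":
        collector = _HrefCollector()
        collector.feed(text)
        return collector.hrefs
    return re.findall(r"https?://[^\s<>\"']+", text)


def check_notification(raw_message):
    """Report the sender domain and every web link that leaves the trusted set."""
    msg = message_from_string(raw_message, policy=policy.default)
    address = parseaddr(str(msg.get("From", "")))[1]
    sender_domain = address.rpartition("@")[2].lower()
    untrusted = []
    for href in extract_links(msg):
        try:
            parts = urlsplit(href)
            host = parts.hostname  # the real host, even if userinfo precedes "@"
        except ValueError:
            untrusted.append((href, None))
            continue
        if parts.scheme in ("http", "https") and not host_is_trusted(host):
            untrusted.append((href, host))
    sender_ok = host_is_trusted(sender_domain)
    # A trusted From domain alone proves nothing: the header can be forged,
    # so SPF/DKIM results are still needed to authenticate the sender.
    return {
        "sender_domain": sender_domain,
        "sender_trusted": sender_ok,
        "untrusted_links": untrusted,
        "suspicious": (not sender_ok) or bool(untrusted),
    }


# Constructed message: the From address is the one quoted in the post,
# the link targets are made up and use the reserved .example TLD.
SAMPLE_SPAM = """\
From: Facebook <notification+queejvx5vf7bh@server-193-237.tanduc.com>
Subject: A lot has happened on Facebook
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>A lot has happened on Facebook since you last logged in.</p>
<a href="http://redirect.example/fb?id=1">Go To Facebook</a>
<a href="http://www.facebook.com.notify.example/all">See All Notifications</a>
<a href="http://facebook.com@unsub.example/u">unsubscribe</a>
</body></html>
"""

if __name__ == "__main__":
    result = check_notification(SAMPLE_SPAM)
    print("sender:", result["sender_domain"], "trusted:", result["sender_trusted"])
    for href, host in result["untrusted_links"]:
        print("off-site link:", host, "<-", href)
```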

What to Do with Facebook Spam


If you happen to receive an email like the one above, it is suggested that you:

  • Avoid clicking on any links.

  • Mark the email as ‘Spam’ in your email client.

  • Report the email to Facebook.

  • Delete the email immediately.



Friday, November 9, 2012

Internet Scammers Hope to Feed on Twilight Fans in Wake of Breaking Dawn: Part 2

Twilight fans are mere days away from entering a feeding frenzy and crowding movie theaters to watch Breaking Dawn: Part 2, the final movie in the Twilight series.

Cybercriminals, on the other hand, have already set up their scams offering Twilight memorabilia.

The scams seen so far start off with an offer for free Twilight Vampire contacts, but there’s a possibility that other items such as an Official Twilight Backpack, Custom Twilight Converse Shoes, Complete DVD Set or Book Set could be dangled in front of Twilight fans instead.

Do not click if you see a post/offer resembling this one on Facebook, or any other social media website for that matter:

Twilight Scam on Facebook Post
7 DAYS UNTIL BREAKING DAWN PART 2 IS OUT! To celebrate we're giving away FREE Twilight Vampire contacts! Follow the steps below to get yours now!

- Like this post and share it with your friends
- Click the link below
- Be sure to choose if you want Golden, Red, or Black contacts!

hxxp://www.consumerrewardprogram.com/FreeMerch/?c1=TwilightMerch

Upon clicking the link you will be taken to a website asking you to choose your prize and enter your email address. Simple, right?

Twilight Scam Page


But wait - did you happen to notice the fine print at the bottom of the page at all? It states by providing your email address, you agree to receive promotional emails and “special” offers from “trusted 3rd parties.” Oh, and in order to receive your reward you must meet the eligibility requirements, complete a survey, and complete a total of 10 Reward Offers.

For those of you who are unfamiliar with “reward offers” offered by deals like this, they usually involve signing up for some paid service or applying for a credit card or loan. Signing up and cancelling service just to get the prize doesn’t work either – you have to keep your accounts active for more than 30 days to “qualify” for it.

Funny how something that was supposed to be free suddenly turns into an expense.

You might as well find a local store that sells crazy contacts or Twilight merchandise and pick it up there. At least you’ll know for sure you’ll get it and you won’t have to worry about random charges for services you don’t need.

Stay safe, Twilighters!


Tuesday, October 30, 2012

Tale of a Man Who Bought Details of 1.1 Million Facebook Users for $5

How protective are you of your information?

Many of us share our contact information, current location and everyday thoughts on our Facebook profile without ever considering the possibility of that data ending up in the wrong hands.

Even more alarming is how easily said data can be collected and sold to anyone that’s willing to pay. The sales price doesn't have to be high, either.

As Bulgarian blogger and digital rights activist Bogomil Shopov recently discovered, a handy $5 can fetch the information tied to 1.1 million Facebook users.

According to his blog, Shopov purchased the list containing Facebook names, user IDs, email addresses, and vanity URLs from someone off Gigbucks for $5. In the description, the seller wrote that the data had been collected through Facebook apps, only included active users, and had great potential for anyone looking to offer a social media product or service. Spammers could also find this list useful, of course.

Shortly after making his purchase, Shopov was contacted by Facebook and instructed to send them the file, give them all the purchase details, disclose whether or not he’d shared it with anyone else, and promptly delete any copies he had. Oh, and don’t tell anyone what happened. We see how that went.

After conducting an investigation, Facebook determined that the information was collected by scraping public information and not through an app as the data seller claimed.

There was a bit of doubt that the information was scraped and not app-provided given that Shopov said that some of the email addresses he checked were not publicly displayed; however, it’s possible that the email addresses were visible at some point.

So what should we take from all of this? Well, if you’re a Facebook user, you should definitely:

  • Make sure your privacy settings are configured correctly (aka nothing is "public") to minimize the chances of your personal information being scraped from your profile.

  • Pay attention to what apps you install on your Facebook profile and ultimately give unlimited access to your information.


Failure to lock down your Facebook profile could lead to your data being sold, email address being added to a spammer's mailing list, or maybe even the loss of your job.

[via Forbes]


Wednesday, October 10, 2012

Can People Find You on Facebook By Searching for Your Phone Number?

It’s understandable that anyone who has added their phone number to their Facebook profile and adjusted the privacy setting to “Only me” would assume that the information would be kept private, right?

Well, technically that information is kept hidden. It’s not visible whenever someone clicks your profile and views your information; however, people can STILL FIND YOU by entering your phone number into Facebook’s search bar.

The issue lies with the fact that there’s another privacy setting that seems to overlap the phone number visibility setting under the Contact Info section of your Facebook profile.

The specific setting in question, “Who can look you up using the email address or phone number you provided?” can be found under the “How You Connect” section on the Privacy Settings page. Apparently it is set to “Everybody” by default.


It is recommended that you select one of the other two options, “Friends” or “Friends of Friends” – unless, you know, you don’t mind people performing reverse phone number look-ups on you.

Have you entered your phone number to Facebook? Are you concerned about people searching your phone number on Facebook to find your profile?

[via Sophos]


Tuesday, August 28, 2012

Phony 'Your Friend Added a New Photo of You' Facebook Notifications Spread Malware

Be careful when rummaging through your Facebook email notifications, folks.

Cybercriminals are spamming out phony Facebook notification emails claiming that a friend has added a new photo of you to their photo album, knowing that there’s a pretty good chance users will jump at the opportunity to see what photographic evidence their friends have of their everyday shenanigans.

At first glance, the emails look authentic; however, I have yet to come across a legitimate Facebook email that comes with an attachment in tow:
Subject: Your friend added a new photo with you to the album

Greetings,

One of Your Friends added a new photo with you to the album.

You are receiving this email because you’ve been listed as a close friend.

[View photo with you in the attachment]

Facebook, Inc. Attention: Department 415 P.O. Box 10005 Palo Alto, CA 94303

According to Sophos, the zip archive attached to the email (which is named New_Photo_With_You_on_Facebook_PHOTOID[random].zip) contains malware identified as Troj/Agent-XNN. Total shocker, right?
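The tell described above, a message presenting itself as Facebook while carrying a zip attachment, can be checked mechanically at the mail gateway or during triage. The following Python code is an added example, not code from Sophos or this post; the `triage` function, the trusted-domain list and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# File name reported for this campaign; the "[random]" suffix is assumed alphanumeric.
LURE_NAME = re.compile(r"^New_Photo_With_You_on_Facebook_PHOTOID\w*\.zip$", re.I)
ARCHIVE_EXT = (".zip", ".rar", ".7z")
# Assumption: domains your mail system accepts for genuine Facebook notifications.
TRUSTED_DOMAINS = {"facebookmail.com"}

def triage(raw):
    """Return the reasons a message presenting itself as Facebook looks fake."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    if "facebook" not in display.lower() and "facebook" not in domain:
        return []  # does not claim to be Facebook; out of scope for this check
    reasons = []
    if domain not in TRUSTED_DOMAINS:
        reasons.append("sender domain not trusted: " + domain)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if LURE_NAME.match(name):
            reasons.append("campaign attachment name: " + name)
        elif name.lower().endswith(ARCHIVE_EXT):
            reasons.append("archive attached to a notification: " + name)
    return reasons

# Constructed sample modelled on the email quoted above (addresses are made up).
SAMPLE = """\
From: Facebook <notification@mail.example>
Subject: Your friend added a new photo with you to the album
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

One of Your Friends added a new photo with you to the album.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="New_Photo_With_You_on_Facebook_PHOTOID12345.zip"

(constructed placeholder, not a real archive)
--b1--
"""

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

The From header is trivially forged, so the domain check only catches careless senders; the attachment checks are the ones that match what this campaign actually relied on.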

Truth be told, cybercriminals often use fake Facebook notification emails to spread malware. It was only a few weeks ago that Sophos warned of cybercrooks using fake Facebook photo tagging notifications with malicious links to spread malware, and before that the more standard “missed activity” notification emails were used.

What to Do with Fake Facebook Emails


Did you get a Facebook notification email that you suspect is a fake?

  • Do not click on any embedded links.

  • Do not download or open any attached files.

  • Report the email to Facebook.

  • Delete the email immediately.



Tuesday, July 31, 2012

Malware Requests That You Donate to Charity (So it Can Steal Your CC Info)

It seems the Citadel Trojan has learned a new way to trick victims into exposing their credit card information: by asking them to donate to a children’s charity.

According to Trusteer researchers, this new Citadel malware variant uses HTML injection to present the option to “make a donation” once a user logs into their Facebook account on an infected machine.

Instead of giving the same stale sales pitch for every language, the malware switches up the charity fund depending on the user’s country & language settings, focusing on English, Italian, Spanish, German, & Dutch.

English Citadel Malware Attack: Donate to Benefit Kids in Haiti


In the English version of the attack, upon logging into their Facebook account, users are presented with a dialog box asking that they help “serve the poorest child in Haiti” by making a donation:




You can save a life with only $1. When you give to HPC, 99% of every dollar “cash plush gifts-in-kind” goes directly to programs that serve the poorest child in Haiti. We work currently with two orphanages and elementary school, we are seeking donations. Please donate and help us spread the word to your friends, families, etc. Click to donate to make a difference! All you give, they’ll be much appreciated. We appreciate your interest and hope that you will open your hearts and donate to better the lives and futures of those in need. If you have any questions before you donate please do not hesitate to contact us. We treat personal information with the utmost respect for your privacy. Click the button above. Thank you.

Clicking the ‘Continue’ button will bring up a second page with all of the necessary fields to hand your credit card information over to the scammers.


Unfortunately for anyone that falls for this scam, it’s highly unlikely that the scammers will actually use any of the money they steal from you to make a donation to a charity.

Trusteer researchers did not say how they came across this specific build of Citadel malware, but previous versions of Citadel have been spread via drive-by-downloads.

To minimize their chances of having their system infected, users are advised to keep their operating system and third-party software up-to-date, run antivirus software (keep those virus definitions current!) and remain vigilant when browsing the web or checking email.

Check Trusteer’s blog for additional information on the Italian, German, Dutch and Spanish versions of this attack.


Monday, July 9, 2012

How to Get Rid of the ‘View today’s photo of the day!’ Posts on Facebook

Over the last few weeks, I’ve noticed an increasing number of random posts offering me the opportunity to ‘View today’s photo of the day!’ in my Facebook news feed.



I knew that these were spam posts, but I wasn’t sure how they were appearing on my news feed.

Naturally, my first instinct was to check what apps were installed on my personal profile – after all, I play my fair share of games on Facebook – however, none of my apps matched the name of the one that appeared to be making these posts.

So, what’s the deal with these mystery spam posts then?

Well, the problem is that one of your Facebook pals has installed an app that has gone rogue.

If you happen to click the option to view the photo, you will be taken to a page offering the option to install that very same app that’s responsible for the spam posts, which in this case is an app named ‘Get Revealed’:



The goal of the app is to give you random yes/no questions to answer about your friends and prompt you to post a vague message on their Wall saying you answered a question about them. However, your friend can’t view your answer unless they install the app and enter a never-ending cycle of having to answer questions about THEIR friends and post messages to THEIR Walls until they earn (or purchase) enough credits to ‘unlock’ whatever answers you (and other friends) have submitted about them.

As you can see, there’s a nice warning on the very first page that ‘This app may post on your behalf, including questions you answered and more.’ So, the app has every intention of annoying your friends one way or another, whether it is with the vague posts that you willingly publish after answering a question or the ‘view the photo of the day’ posts it spits out whenever it feels the need to do so.

Other apps that partake in the annoying ‘View photo/picture of the day!’ posts are:

  • All Truths About You

  • Truth Game

  • Get Revealed (featured)


How do I get rid of the ‘View today’s photo of the day!’ posts?


If you are seeing these spam posts, you have a few ways to go about getting rid of them:

  • Notify your friend that they have a spam-spewing app attached to their Facebook profile and kindly ask that they remove it by going to their Facebook Account Settings, clicking Apps in the left navigation and clicking the ‘x’ next to whatever app is causing it (the post will say ‘via [APP NAME]’, so you can tell them the name of the app that needs to be removed).

  • Report the App for spamming by clicking the app’s name and then clicking the ‘Report App’ link.

  • Hide all stories posted by the app (regardless of who has it installed) by clicking the arrow next to the spam post and selecting ‘Hide all from [APP NAME]’.

  • You can also mark each individual post made by the app as spam by clicking the arrow next to the post and selecting ‘Report story or spam’.


If you notice any other apps posting these spam messages, feel free to name them in the comments.


Monday, June 18, 2012

Facebook ‘Adding Game’: Harmless Fun or Calm Before the Spam Storm?

Are people unknowingly setting themselves up to be spammed on Facebook?

Researchers over at Barracuda Labs have noticed some suspicious activity on Facebook involving (what appears to be) bait accounts luring people into playing the “adding game”, which simply involves liking the designated game status, leaving a comment and friending anyone that likes your comment.

Here’s an example of a status welcoming folks to play the game:

Adding GAME" ♥ ^.^

Step 1 : LIKE! This status or i will DELETE your comment c:
Step 2 : - COMMENT! Anything ;) ;) :P ♥ (:
Step 3 : Whoever LIKES! your comment, Add them

Seems like a fairly harmless thing to do, right?

That is, until you notice that every page (or user) that’s initiating one of these “adding games” has an attractive female in the default picture.

Combine that with the fact that every single status update is simply firing up another round of the Adding Game and you might begin to suspect that these are fake accounts focused on racking up subjects for a future spam/scam campaign.

At least, that’s the conclusion that researchers over at Barracuda Labs have reached and I can't help but agree.

If you happen to come across the “Adding Game” on Facebook, I recommend taking a pass on playing and sticking to only accepting friend requests from people you know. Otherwise you could run the risk of having your News feed inundated with spam, scams and updates from complete strangers.


Friday, June 15, 2012

Ignore Requests to "Verify Your Facebook Account" - It's a Scam

Don’t fall for the scam that’s currently circulating on Facebook claiming that you need to “verify your account” or risk having it terminated.

It’s merely a ploy to trick you into installing a rogue Facebook application that will likely be used to collect personal information and help the scam spread by posting messages to your friends on your behalf.

You may first encounter the scam by receiving an app request/notification or coming across a post on Facebook that directs you to a page touting a message similar to this one:




Warning: Announcement from FACEB00K Verification Team. All Profiles must be verified before [date] To Avoid Scams and Scams Under SOPA ACT. The Unverified Accounts Will Be Terminated. Verify Your Accounts By Below Steps.

STEP 1:

Click here to verify

Final Step Click Below:

Complete Verification

Should you decide to follow through with the request, you will be prompted to grant a third-party application access to your Facebook profile.

Of course, it would be in your best interest to report the app and hit ‘Cancel’ instead.

Did You Already Fall for the “Verify Your Account” Facebook Scam?


If you caught this warning post-app-approval, then I suggest you do the following:

  • Delete any posts related to this application from your profile and News feed.

  • Remove the app by:

    • Clicking the arrow on the top right of your Facebook account

    • Clicking ‘Account Settings’

    • Selecting ‘Apps’ from the navigation on the left

    • Clicking the ‘x’ next to the offending application

    • Pressing ‘Remove’




Be sure to give your friends a heads-up on this scam.

[via ESET]

Don’t forget to like the Hyphenet Facebook page to stay informed about other scams and computer security related news. You can also follow us on Twitter, circle us on Google+ and find us on Pinterest.