The Facebook Giveaway Scam

1410308663747

You must’ve seen it before: Pages on Facebook claiming to give away FREE iPads, iPhones, and other Apple accessories. That’s right, FREE! Did I mention it was FREE? All you need to do is Like and Share the Page with all your friends and you’ll be automatically entered into this FREE giveaway! Simple, right? So what are you waiting for?

STOP!!!

Before you agree to any terms and conditions set out by this “altruistic” Facebook Page, just note one thing: IT’S ALWAYS A SCAM! Unless you see news from an official Apple source and not just some Page that was created a month ago (that’s right, check the creation date of the Page!), your default reaction should always be “It’s a scam!” Every. Single. Time.

So what do they get out of someone just sharing a Page? Information about you, and everyone you get to share. How? Take a look at this section here:

Share What do you suppose happens when you click on the number of shares so far? It shows you a list of everyone who shared the Page, image, or post, which in turn gives you access to any public information on those people’s accounts, including geographic location, email addresses, websites, and even phone numbers. In the world of scam artists, this type of information is absolutely crucial, especially when the old method of acquiring that sort of information requires the purchase of mailing lists, which can be unreliable and expensive. By participating in these Facebook scams, you’re literally helping the scam artist! So what comes next after your Like and Share? Most likely they will have a link for you to click on that requires you to fill out a simple survey to enter completely. Like so:

Giveaway

Notice that the top three “offers” you have to complete involves installing something on your computer. Any time anyone tells you to install something so that you get something else for free, they’re either scammed or trying to scam you. The rest are surveys you need to fill out, which requires you to enter your email address, name, phone number, physical address, and date of birth. Getting this type of info from you is every scam artist’s wet dream! Not only that, let’s take a look at the privacy policy of these so called “survey” and “contest” sites:

privacy noticeShown above are the last 3 segments of a long privacy policy that basically says that you’re agreeing to let them sell or transfer your personal information to anyone, including third parties, if their company ever gets bought, merges with another company, creates an alliances with another company, etc. Oh, and also they can change their Privacy Policy at anytime without notice to you, because the onus is on YOU to come back and check the page. Any legitimate company or website worth their salt will send you a notice via email.

These types of scams are incredibly effective because they take advantage of the hype built up by official companies like Apple, who spent millions of dollars to generate hype and demand. Scam artists take advantage of this by using powerful and enticing terms like “FREE” (notice the all caps for emphasis), and “Giveaway”. Everyone wants free stuff; it’s a very basic marketing tactic that’s been around as long as commerce. Don’t participate in it. The battle to end the trade and sale of your personal information begins with you! Be mindful of marketing language, and more importantly, always be aware that scams are still a rampant problem. Every new social platform gives these crooks and criminals a new way to implement their old tricks. Remember: in the world of social media, protecting yourself also means protecting your friends and family.

Advertisements

On Passwords, Backups, and Encryption

The Passwords

It’s always worth mentioning again the importance of having a strong password in favor of one that’s easy to remember. Your personal information should never be something you risk for the sake of convenience, especially when your credit history and personal savings can be put at risk. Just keep in mind that a strong password does not necessary mean a complicated string of unrelated letters, numbers, and symbols. Unless you’re protecting sensitive government information, your password can have special significance to you, and yes, you should include different cases, numbers, and symbols. These types of passwords are almost ubiquitous in most sites that require you to create an account. No, they’re not there to discourage you from joining or make the process unbearable. These precautions are put in place with the very specific purpose of protecting your personal information. The problem is people tend to input the very minimum to meet the requirements, nullifying the original intent of privacy and Internet safety! Just take a look at the 25 most common passwords of 2013 from CBS and you’ll see what I mean. Keep in mind that even simple passwords can be made more difficult to decipher. The word “password”, for example, can be written as “P@5sW0rD”. Here we capitalize the letter “P”, use the “@” symbol to represent “A”, use TWO separate characters for “S”, and a zero for the letter “O”. Combine this with the rule “Every other regular letter has to be capitalized”, and a once simple (and most common) password is now one that is far more difficult to crack. For the sake of clarification, never use the word “password” in any way, shape, or form. Pick something with personal significance and add a string of numbers that you’d always remember, like the month and day of your children’s birthdays.

Note: Be wary of any Internet service that will send you your password if you click the “I forgot my password” button. If they do, it means your actual password is on file somewhere, which means that it can be stolen. Any website worth its salt will have a “Reset your password” function, which means that the passwords you choose are heavily encrypted, and not even the owner of the website knows what it is. Here’s a video explaining how that works:

The Backup System

The Cloud is the latest technology for securing important data, and many tech companies have jumped on board. They claim that by putting your storage space online and separate from your device, that device can be made smaller or have room for other emerging technologies, causes less environmental damage, and runs faster. But how safe is your data? Many people were quick to claim a failure in Apple’s iCloud services for the recent theft and distribution of many celebrities’ private photographs. According to Apple, the iCloud system was not breached; the data was stolen by targeting the username, password recovery, and security questions. Keep in mind that this isn’t anything new! This has always been the very first step in stealing passwords and identities online! It is by far the simplest and most effective method. So what does it come down to? STRONGER PASSWORDS! This cannot be stressed enough! If you’re constantly paranoid about your photographs and personal data, you can always opt for the original method of storing your data: external hard drives. You can keep a backup of your computer on it, and while it may require you to periodically update it manually, the only way that data can be stolen is if you are careless online (say with poor passwords) and somehow allowed a virus into your main computer, or if someone broke into your home and stole your computer and/or hard drive. In which case you can protect yourself with encryption programs.

The Encryption Method

Encrypting your computer might seem like you’re going a little too far, but for those who are absolutely serious about keeping their data safe from prying eyes, it’s an absolute necessity. With free-to-use programs like TrueCrypt (no longer maintained), you can encrypt your entire computer or partition the drive so that sensitive information cannot be accessed without the proper password or key. Even if someone did get their hands on your machine or hacked into it externally, the data you’ve encrypted would be useless and all but impossible to decipher. Whether or not your data is important enough for this safety measure is entirely up to you.