Facebook has been shoved into the spotlight for all the wrong reasons this year. A level of mistrust has amounted over the social media platform’s role in the rise of “fake news,” not to mention the company’s missteps in the Cambridge Analytica scandal.
Raw data from up to 87 million Facebook profiles was exposed to researchers at Cambridge Analytica, a firm which had close ties to Trump’s political campaign. After allowing third-party developers to gather information from users and friends of users, Facebook was criticized, and rightly so, for its privacy standards and accountability.
It is perhaps no wonder why Facebook’s popularity is in decline. The platform lost daily users for the first time ever in the US and Canada, dropping to 184 million from 185 million in the previous quarter. Research firm eMarketer also reported a decline in young Facebook users – the platform lost 2.8 million US users under the age of 25 last year. While distrust over privacy and recent data breaches still linger, this general fatigue for the platform can be pinned on other significant factors, some which we shouldn’t shy away from. In this article we discuss Facebook’s less discussed security lapses.
Facebook Messenger Scams
While concerns over Facebook’s data leaks have been at the forefront of mainstream media coverage, scams on Facebook Messenger are becoming more prevalent as scammers have found success in using it to swindle unsuspecting users.
The Better Business Bureau (BBB) recently spoke out to warn users about the increase in scams on Messenger. The BBB told Fox News earlier this year that its Scam Tracker alert “received dozens of reports” about scammers contacting users through Facebook Messenger to promote prizes or grants. Some of these messages appear to come from Mark Zuckerberg himself, informing users that they have just won $750,000 in the Facebook lottery. As such an off the wall character, it’s not hard to believe that Mr. Zuckerberg might throw a little money in the direction of his Facebook users. Sadly, it was a hoax, and users lost hundreds of thousands of dollars after scammers used Messenger to target them, asking for advanced fees or passwords to claim the fake prize.
The New York Times conducted an examination which found 205 accounts impersonating Mark Zuckerberg and Sheryl Sandberg on Facebook and Instagram, not including fan pages. Facebook itself as admitted that around 3% of its users (60 million accounts) are fake. There are obviously major grey areas that complicate this security issue. Until it’s resolved, users will be at risk to lose more than just personal data, but perhaps their cash as well.
Friend Requests
Facebook is a gateway to our most personal data points, photos, friends, feelings, even addresses of events and parties. While we were taught to never speak to strangers no matter who they said they were, in the online world, Friend Requests can be accepted in one simple click.
Reports appeared last year that Facebook has apparently been using the location of users’ smartphones to make friend suggestions. While to some this could be seen as a useful feature for finding new friends they might have met at a party, it can also have serious consequences. A suggested friend has that false pretence of assuming that person is legitimate. However, these “friends” could be anyone users have come in near contact to, including criminals or scammers.
Whether it is through the location of smartphones, or the numerous data points including contact details of friends, Facebook is using insecure methods to find these suggestions one way or another.
Facebook users must even be cautious when accepting friend requests from profiles that look like someone they know. Scammers have been known to clone a Facebook profile by stealing information such as photos, list of friends and personal information to create a new account. Typically they then block the original profile to cover their tracks before sending out friend requests to that profiles connections. These scammers therefore have the perfect way in to start messaging “friends” asking for money or encouraging them to click links that lead to virus downloads.
The social media platform has spoken out about the dangers of accepting friend requests, and has introduced features to help prevent unwanted friend requests and messages, particularly to combat harassment and bullying. However, stories of users being scammed or harassed after accepting requests from profiles appearing to be their friends, or someone they know, are not uncommon today.
News Feed Clutter
Scrolling through Facebook’s News Feed is now a cluttered collection of adverts, videos and un-interesting posts deterring many users from the platform. In fact, aggregated time spent on the social media platform is dropping. This year saw a 24% decline in time spent on the platform per person. However, for the masses that do continue to scroll, what many don’t realise is that phishing scams and viruses lie amongst the News Feed clutter. Even the most tech savvy can be duped for these traps.
Some pose as free items or surveys requesting personal information, customized Facebook apps such as downloading a “Dislike button” or “see who’s viewed your profile”, and even charity requests from friends. The primary goal of these viruses or scam posts is to steal sensitive data, credit card details or trick users into payment. Email remains the number one delivery vehicle for most malwares and phishing campaigns, however they are no stranger to Facebook messenger and feeds.
This year Facebook suffered from a large scale phishing scam which claimed a new victim every 20 seconds. An estimated 10,000 Facebook accounts from around the world were infected after opening messages from “friends” who had mentioned them in comments posted on the social network. The scam had the ability to steal data, change device privacy settings and spread the infection to the victim’s Facebook friends.
In a statement, Facebook said it was improving the amounts of public posts that effectively spam people’s feeds in an effort to surface more “informative” stories. However, in terms of scam adds, in-secure links and even phishing campaigns, Facebook can do little to block them. In fact, Facebook’s algorithms make the lives of affiliate marketers and “shady advertisers” easy by tracking who clicks on the ad and who buys from it, essentially highlighting what kind of person might fall for their con. A Bloomberg article revealed astonishing information earlier this year on Facebook’s close association and awareness of affiliate scammers. The article said that former Facebook colleagues in the Toronto sales office reported that it was common knowledge in the company that some of their largest ad clients were affiliates using deception.
Regardless of Facebook losing its “cool” factor and user count, it is still a popular social media platform for 2.3 billion active users. Fear over users’ privacy and data leaks remain at the root of Facebook’s security nightmare, however a number of other troubling factors plague the social media site. The company’s COO Sheryl Sandberg recently sat before the Senate Intelligence Committee to testify on how exactly Facebook had let foreign entities use the social media platform to influence democracy. A stress was put on Facebook and Twitter’s responsibility to work with Washington to resolve this pressing matter. If Facebook is to win back the trust of its declining usership, the company will need to continue these efforts and better address these security drawbacks.