- Published: Sunday, 12 June 2016 23:42
I have had a rash of friends on Facebook get their profile cloned in an attempt to get their friends to friend the cloned page and thus gain access to private information.
And my non-techie friends say they have had their profiles "hacked." I want to clarify the difference and let you know why this distinction is important.
If I were to "hack" your profile, account, whatever piece of your on-line presence, this would mean that I have by some means acquired your username and password information and have been able to directly obtain your information and for all intents and purposes "be you." My nefarious actions in your name would be almost undetectable, except for maybe IP address information.
If I were to "clone" some part of your on-line presence (such as Facebook) I would use pictures and text copied from your profile (You can capture almost any image on-line, just right-click on it and "Save Image As...") and create a new, similar-looking account that will catch the unwary. A classic example: in 1997, when the White House created the web page www.whitehouse.gov, they neglected to obtain all of the suffixes (.org, .net, .com, etc.) that would also point to that page. So someone registered www.whitehouse.com (It's not a link on purpose. You'll understand why in a moment). Many people, not realizing that the two websites were different, instinctively went to the latter rather than the former because the vast majority of websites are ".com." Once they got there, they found a site that looked remarkably like the .gov site, with the exception that instead of learning about the events of the President, the content of that website was pornography.
Back to the task at hand. This is my suggestion, backed by 40+ years of IT experience and almost 20 of those studying and working on IT security. Yes, everything I am suggesting is a pain in the posterior. However, the pain I am suggesting is nothing compared to the pain you will experience if your on-line life gets compromised.
1) Use separate passwords for everything. If you use the same password for Facebook and your PayPal account, don't be surprised if your FB account gets hacked (not cloned) and your bank account is empty in the next couple of days.
2) Make your passwords complex. It will be a lot harder to hack a password like "Ljy72-$hEH&7" than the three most common passwords, "password," "qwerty," and "12345678."
3) Keep personal information private. If the site requires your birthdate or whatever, make sure the setting is "private" and no one sees it. If it's set to "Friends Only" and you friend a bogus profile, you just gave them that information.
4) In any social media, if a person known to you sends you a friend request, don't just hit "confirm." Go and check out the page. If you have been friends with the person on FB for a long time, yet this friend request is from a profile less than a month old that has no updates, it's bogus. Not "probably bogus," not even "99 44/100% bogus." Unless you have been in contact with that friend outside of that social media and they tell you that this is happening, it's bogus, period.
5) If it's bogus, contact the friend who has been cloned and let them know they've been cloned and tell all of their friends who have fallen for the clone to report THEN unfriend and block the bogus profile. Then you report and block the bogus profile. Below is where you do it:
6) At least once a month, put your own name in the FB (or social media) search box to "find yourself."
Just to show you how innocuous information can seriously compromise you, pay attention:
Many people have their birthdate, the city of their birth and their high school (and/or college) on their profile. If I know where you were born, that gives me the first 5 numbers of your Social Security number ("123-45-6789"). If I know when you were born, that can give me a good idea to start guessing the last four of your Social. I can also get your birth certificate and thus discover your mother's maiden name. I now have access to your financial life.
How many of you use the security question "What was your high school mascot?" to verify your identity when you log into a web page from a different computer? If I know your high school, it will take me about 30 seconds to get that answer.
Be careful out there.