While on the subject, you should review your privacy settings in FACEBOOK.
By way of an example, This part's for you. Last week, I was the lucky recipient of a notification that looked just like this:
Pretty innocent right? WRONG! Very, very wrong. First, this particular person is in my "Business Only" friend list (I've covered their last name for privacy) and we've never had a conversation, let alone 'oooh'd and aahhh'd' over each others photos. Second, look at the wording for the notification. It says Matthew XXXXX "commented on your photo". What's strange about that you ask? This is what it looks like when someone really comments
on one of your photos through the Facebook utility:
Subtle, but important. The Facebook phrase is "made a comment about your photo"
Your first inclination would likely be to see which photo someone has commented on right? Well in the rogue application, notice that only the word "photo" is hyperlinked. In the Facebook utility, the words "your photo" are hyper linked.
What should happen when you click "photo" or "your photo"? When all is right in the world, once clicked, you should be taken immediately to the photo that was commented on. However, with this rogue application, you're taken to this screen:
And this is where it gets dangerous. Of course I didn't hit the "Allow" button, but this is where the malicious nature of the app takes place. If someone were to click "Allow", identity information, malicious sites and viruses are all possibilities for results. There are a couple of things about this that should make you feel a bit unsettled.
- First, the name of the app is strange in that only the first letter of the title is capitalized.
- Second, there is no graphic (image) for the app.
- Third, it's only got a rating of 1 star.
Now a 1 star rating does not automatically mean that an app is bad, but it should give you some room for pause. After all, isn't social media all about a user-generated environment? If your peers only give something 1 star, they may be on to something. And lastly, there is no general description of what
the app is intended to do.
Remember that old saying: "if you have to ask, you can't afford it"? Well apply similar logic to apps not built by Facebook by saying to yourself: "if they won't tell me what it does, I don't want it."
This is what a valid app "Allow" screen should look like:
You can always do an apps search to see what you can learn about a particular app prior to allowing access by going to the "Applications"button located in the lower-left corner of Facebook and clicking the"Browse More Applications" link and then typing in your keyword(s) into the search box (the one with the mini magnifying glass).As a matter of fact, we did an app search for "Tag a pic" and this was the result:
Let me state that the result is not "Tag a pic", but thedevelopers of fbquick may have utilized those words in their description. It seems that "Tag a pic" does not exist in the registry of Facebook applications which should give you your definitive answer that this was indeed a rogue application.
Here are some questions to use when evaluating whether or not an app is dangerous.
- Who did the app invitation come from? Are they a true friend or acquaintance (if you don't know the person at all, don't accept an app invitation plain & simple)? If they are, is the type of app that they sent characteristic of their normal behavior?
- Does the title of the app look strange? Is the app something you've never heard of before? Does the app provide you with a detailed description of the intended purpose? Have you used the FB search apps function to better e-search?
- Do the developers of the app disclose who they are?
- If you hover your mouse over it does the url show up? Does the url look strange?
One final word, no offense to anyone sending me invites to Facebook Apps. I don't have time to follow my own advice so I just do not accept invites to FACEBOOK apps. just don't have the time.
Posts
No comments:
Post a Comment