Have you heard about Facebook Protect? It has the look and feel of a scam, but it’s not | #itsecurity | #infosec


Facebook has launched Facebook Protect, an identity protection tool, to select account holders. Its goal is to protect V.I.P.’s from having their account hacked in an impersonation scam.

But its arrival, like all things Facebook, did not leave the launchpad without encountering thumbs down rather than a treasured thumbs up.

The invite looks like a scam and is easy to ignore.

But if you don’t accept the invite, Facebook has a surprise for you. It locks your account until you accept the tool. For those selected V.I.P.s this is not voluntary.

All Facebook Protect does is force account holders it invites to use two-factor authentication when they sign in. That’s usually a text or email you receive that has a one-time code.

The Watchdog commends Facebook for trying to protect some accounts from impersonation scams. But it’s elitist. No plans have been announced to invite the rest of Facebook’s two billion customers. The rest can still join but they have to set up the authentication through privacy and setting tabs. It’s a workout.

Who qualifies?

In its pilot program for Facebook Protect, invitees were political candidates and elected officials. They are the ones most likely to have their accounts hacked, Facebook says.

In recent months, the program was rolled out to citizen activists (Facebook calls them “human rights defenders”) and journalists. (Yup, I got invited the other day, and I acquiesced after I researched it and learned it was real.)

(I did have a slight hiccup that I’ll tell you about later.)

Locked out

Dallas lawyer Carol Donovan received an invite. She theorizes that this is because she endorses candidates and spreads political ideas on the platform. Yet even though she accepted the tool, she still got locked out of her account. She tried to find Facebook customer service by phone. Good luck, right?

She almost made a crucial but common error. She called various phone numbers listed for Facebook on the web. But some of the numbers were fakes. Scammers can easily fool search engines and offer up fake phone numbers. One supposed Facebook number she called turned out to be scammers offering to fix her problem for $200. Fortunately, she figured out the ruse. Thumbs up, Carol.

The first journalist I heard who was invited to Facebook Protect is Dallas Morning News Education Lab editor Eva-Marie Ayala.

“I was stuck in some kind of authentication loop, so I got locked out for a few days,” she says. After trying everything she could to reactivate her account, she finally triggered two-factor authentication. Her account came back.

Why would someone want to impersonate you on Facebook?

KimKomando.com reported last month that a hacked Facebook account can sell on the Dark Web for about $65. With that, a scammer can earn many times more or impersonate a public figure, which causes confusion and the spread of disinformation.

One criteria Facebook says it uses for Protect is that the account holder “has the potential to reach a lot more people than an average Facebook user.”

In its project announcement Facebook said that it is seeking to protect people who are at “the center of critical communities for public debate… who enable democratic elections, hold governments and organizations accountable and defend human rights around the world.”

“Unfortunately, this also means that they are highly targeted by bad actors,” Facebook stated.

Voluntary for others

If you receive an email inviting you to join Protect, it should come from this address: security@facebookmail.com. But that’s one sketchy email address.

Remember that Facebook will never ask for your password in an email, Facebook message or text.

In addition to the one-time code, Facebook Protect lets you choose from two other tools — an authentication app like Google Authenticator or a security key which doesn’t require a code.

If you don’t get the invite, no biggie. You can still sign up for two-factor authentication, an authenticator or a key. The difference is that without an invite it’s voluntary. Your account shouldn’t get taken offline.

When I signed up, something strange happened right away. I received a code for a password reset. But I didn’t ask for one. Was someone trying to hijack my account to sell on the Dark Web? Or was this part of the signup process? When I Inquired, Facebook couldn’t explain this.

Facebook also provided me with instructions about how to check security settings, activate two-factor authentication and check for Facebook Protect. But when I tested these instructions, they didn’t work on my computer.

Am I surprised? Of course not. Confusion is the theme of this report. And that’s why I won’t share Facebook’s directions here. You’d struggle with them and get angry with me. Thumbs down.

It’s tax time!

Sign up for The Watchdog’s 5th Annual Property Tax Seminar. The popular virtual webinar is at 4 p.m. Thursday, April 21. Sponsored by DMN Rewards, it’s free and open to all.

As appraisal notices begin to hit mailboxes and sticker shock sets in, what do you need to know about the latest developments for 2022? We’ll hear from experts.

Signup at propertytaxwebinar.com.

Become a citizen of Watchdog Nation.

Join Dave Lieber and learn to be a super-consumer.

Watchdog newsletter: Sign up for The Watchdog’s FREE weekly newsletter to keep up: click here.

Subscribe: PLEASE support The Watchdog’s brand of straightforward journalism designed to save you time, money and aggravation. Treat yourself to a digital subscription (and make him look good!) by using the special Watchdog code: https://www.dallasnews.com/subscribe/watchdog-1

Watchdog Home Page: You can’t afford to miss The Watchdog’s two reports each week. Follow our latest reporting always at The Watchdog home page which features all recent columns.

Watch this free training video from Dave: https://youtu.be/uhUEUCNKGjc

Facebook: Connect with The Watchdog on our Facebook group. Search for “Dallas News Watchdog Posse.”

The Dallas Morning News Watchdog column is the 2019 winner of the top prize for column writing from the National Society of Newspaper Columnists. The contest judge called his winning entries “models of suspenseful storytelling and public service.”

Read his winning columns:

* Helping the widow of Officer J.D. Tippit, the Dallas police officer killed by Lee Harvey Oswald, get buried beside her late husband

* Helping a waitress who was harmed by an unscrupulous used car dealer



Original Source link

Leave a Reply

Your email address will not be published.

81 − = seventy nine