Securing your Facebook account from unwanted data leaks and phishing attacks

It’s no secret that when it comes to free services, our personal information and habits is the preferred method of payment.
Facebook of course can be considered the leader in monetizing user data and there’s a well-hidden setting that can be disabled to help protect your information from third parties, which if left in the open, can leave you vulnerable and exposed.

The setting, which is enabled by default, is called Off-Facebook activity. Facebook describes it as “Off-Facebook activity is a summary of activity that businesses and organizations share with us about your interactions, such as visiting their apps or websites. They use our Business Tools, like Facebook Login or Facebook Pixel, to share this information with us.”
What this feature essentially means is that when you select to log into third party sites with your Facebook account, there is now a link between your Facebook account, and the information exchanged with and retained by that third party.

While Facebook has a virtually unlimited cyber security budget, the third parties with whom this data could be shared, may not.
This can leave you, or your employees data exposed, if a breach were to occur on the third party servers.
This data can then be sold on the dark web, and weaponized against the user, and company.
A bad actor can weaponize the information to launch a targeted phishing campaign, gain access to a corporate account, launch Ransomware or get away with a successful wire transfer scam.

A targeted Phishing attack campaign is one where users are targeted by e-mails that are made to appear as if they are legitimate based on social engineering. These e-mail often either carry a payload with Ransomware, or a link to a Phishing site.
Once the user visits the site, they are asked to “log in” to view the information, only to be redirected to a file with a Ransomware payload. If the user opens the Ransomware on an unsecured workstation or network, all the files are locked and held for a ransom payment, commonly made in bitcoin. Meanwhile, their user credentials have just been provided to the hacker(s) so they can gain access to their e-mail account.

They can also attempt to brute force and breach unsecured accounts, using the information to guess possible passwords. This is why Multi Factor Authentication is critical and must be enabled, always and everywhere.
If they gain access to a user’s corporate e-mail account, they can begin to listen in on the user’s e-mail conversations with their family, co-workers, and even the CEO. And after they feel comfortable, they begin to impersonate the user and e-mail others in order to have them execute a wire transfer, or target the user with spoofed e-mails from the CEO, requesting a wire transfer.
By the time the target realizes they have been scammed, the money is long gone and often irrecoverable.

Which brings us to the Off-Facebook activity feature. One that is enabled on your account by default.
Facebook describes it as “Off-Facebook activity is a summary of activity that businesses and organizations share with us about your interactions, such as visiting their apps or websites. They use our Business Tools, like Facebook Login or Facebook Pixel, to share this information with us.”
What this feature essentially means is that when you select to log into third party sites with your Facebook account, there is now a link between your Facebook account, and the information exchanged with and retained by that third party.

You can follow the below steps to disable this feature on your account and stop the data sharing that can lead to disaster:

New Facebook

1. Click  in the top right.
2. Select Settings & Privacy > Settings.
3. Click Your Facebook Information at the left column.
4. Click Off-Facebook Activity to review. From here, you can also click Manage Your Off-Facebook Activity for more information. You’ll be asked to re-enter your password.
5. Click Clear History.
6. Click Manage Future Activity.
7. Review the prompts and switch off Future Off-Facebook Activity.

Classic Facebook

1. Click  at the top right of Facebook and click Settings.
2. Click Your Facebook Information at the left column.
3. Click Off-Facebook Activity to review. From here, you can also click Manage Your Off-Facebook Activity for more information. You’ll be asked to re-enter your password.
4. Click Clear History.
5. Click Manage Future Activity.
6. Review the prompts and switch off Future Off-Facebook Activity.

This will change your browsing experiences a bit less personal, but that is exactly the point.

If this information is giving you nightmares and making you feel less than secure, that’s OK!
We dream of these nightmares so we can best help secure our clients’ networks, so they can spend less time managing their technology and more time benefiting from I.T.
Schedule a quick session with us today, to see how we can help you be secured.

Don’t forget to Subscribe to our newsletter to get tips like this and more.