POSTED: Tuesday, November 3, 2009 - 10:20am
UPDATED: Wednesday, February 17, 2010 - 3:25pm
Experts offer tips for keeping you safe on Facebook...
Sixteen-year old Keegan Donahue and his sister, 15-year-old Rylee, are active Facebook users.
Their parents, Mike and Andrea, also sign onto Facebook and monitor the family activity.
They were surprised to learn how vulnerable they were.
"Part of the reason I have a Facebook page myself is that I can be friends with them and see what they're putting on there and who there friends are," says Andrea.
The Donahues agreed to have us security check their Facebook pages, but we used a covert method.
When we sat down with them for a family interview, we asked if anyone knows Cindy Jefferson. Andrea, Keegan and Rylee all said "no."
When we informed them that all three accepted someone named Cindy Jefferson as a friend the day before, they were shocked.
It turns out they thought the stranger might be a friend from another community they lived in years ago, so they accepted, intending to check Cindy Jefferson out more closely in the days ahead.
Cindy Jefferson was actually created out of thin air by two guys in a small office.
Matt Churchill and Jim O'Gorman work for Continuum Worldwide, an Omaha company hired by banks and corporations to keep hackers out of their computer systems.
The good news is they can be trusted.
Churchill knows firsthand through his work about Web users who cannot be trusted.
"You have to expect that anything you put on line, anybody can see. Don't put it on line if you're not willing to have the creepy guy at the bus stop watching you."
In this case, Churchill and O'Gorman are not creepy guys, but they were watching the Donahues through their fictional Facebook connection, Cindy Jefferson.
And they found some information that made the Donahues uncomfortable.
"Matt and I went through the accounts and found a number of events, family travel, speaking about going out of town, going to Dallas over this time period," says O'Gorman.
It's information that could be used by someone with bad intentions.
Ironcially, the Donahues had discussed as a family not to publish that type of information.
"We told them not to put any upcoming trips, only to comment after they get back home," says Andrea.
The security experts from Continuum Worldwide advise all Facebook users to share information about personal events after the events have taken place.
Other information to keep off your Facebook page include your e-mail address, your full name, your birthday and even the name of your pet.
"There is a criminal mindset and if you're not thinking as a criminal, you may post something that seems fairly innocuous, but it can be used by somebody else," says Churchill. "If you post it, assume it's public and if somebody is motivated enough, they're going to be able to use it against you."
On the subject of passwords, Churchill explained how an e-mail address given out on Facebook can be used to invade a person's privacy.
He says a person with bad intentions who gains access as your friend can set up a Web site with malware (short for malicious software), send the link to you and encourage you to click on the link and in the process access your computer can be gained.
"With that software, a bad guy can plant a key logger on your computer that records your every stroke and it could capture passwords," says O'Gorman.
That in turns he says, "Would give them access to your mail accounts and to your bank accounts, to any number of sensiitive items."
"You just have to be careful in what you post and accept a certain amount of risk that whatever you do post is public knowledge to everybody, even if you have your profile locked, it could leak out through one of your friends," says Churchill.
The Donahues were repulsed by Cindy Jefferson's invasion of their privacy.
They quickly deleted her from their friends list after our interview.
At the same time, the overall review of the Donahue Facebook pages by our security experts from Continuum Worldwide was favorable.
They especially applaud the parental involvement.