Facebook Scare Tactics Knocked by Security Pro
Have you received a warning from Facebook that your account protection is "very low?" Don't panic. Your security settings may be stronger than Facebook would lead you to believe -- and that's ticked off one security expert. "The suggestion that users' accounts currently have a protection status of 'very low' is entirely misleading and stinks of scare tactics," declared Graham Cluley, a senior technology consultant with security software maker Sophos.
Facebook has been contacting its members for several weeks now with its "very low" security protection warnings. In the alerts, the company includes a link. Click the link and you're taken to a page that requests additional personal information about you. Sound familiar? This is exactly the tactic used by Internet highwaymen to steal sensitive information from unwitting web users and plant malicious software on their computers.
"With fake antivirus (also known as scareware) attacks becoming an ever-growing problem (they attempt to trick you into believing your computer has a security problem when it doesn't), some security-conscious Facebook users might worry that this is a similarly-styled assault, designed to scare you into taking perhaps unwise actions," Cluley wrote at Sophos's Naked Security blog.
In order to increase your account's security protection, Facebook asks for an alternative e-mail address, a mobile phone number, and an updated security question. You might be able to deduce what Facebook is up to by those requests. Its security protection warning isn't about security protection at all, but enabling its members to regain access to their accounts should they be compromised.
"There's nothing necessarily wrong with Facebook giving its millions of users a way of verifying their identity should they lose access to their account, but clearly it should have been presented better and more thought should have gone into how this system was implemented," Cluley wrote.
He suggests that a better approach to what Facebook is trying to accomplish would be a message such as, "We can help you recover your account if it gets hacked; want to know more?"
"I'm not going to tell you not to give Facebook the information they're requesting in this 'account protection' push, but I would suggest that you think carefully before doing so," he cautions.