The Center for Education and Research in Information Assurance and Security (CERIAS)

Security Research Engineer’s Guide Urges Facebook Users to be Cautious

Wed, October 19, 2011 | CERIAS Media Citings

Keith Watson may receive annual “Happy Birthday” messages on his Facebook wall, but never on the right day.

That’s because Watson — a Purdue information assurance research engineer who recently co-authored a free 14-page Facebook security guide — doesn’t list his real birthday on the popular social networking site.

“As people put more personal information on the Internet, they’re putting themselves at risk, and that’s on top of the biggest security hazards, which are scams and malicious software,” says Watson, who co-wrote “A Guide to Facebook Security” with teacher and editor Denise Weldon and security expert Linda McCarthy, Watson’s friend and former colleague.

“From a security point of view, Facebook is a relatively secure site and protects its internal systems well, but it doesn’t proactively police user content, and that’s where the trouble lies,” says Watson, who works in Purdue’s Center for Education and Research in Information Assurance and Security (CERIAS), an internationally known center for cyber security research.

Published in August, the guide explains procedures for protecting accounts, avoiding scammers, using advanced security settings and stopping imposters. The guide urges users to understand what Facebook is doing to make the site safe and secure and take action to protect themselves and their accounts.

The message is relevant this October as part of ITaP’s campus celebration of National Cybersecurity Awareness Month, but it’s always important to be vigilant about cyber threats on Facebook and other social networking sites, Watson says, adding that at least five or six new scams show up on Facebook every day. Some of these are obvious while others may be complex or sneaky.

“Most scams attempt to gain access to your Facebook account, force you to fill out surveys, send out posts, links or messages that appear to be coming from you but actually redirect people to another site that poses cyber risks,” he says. “There’s a certain amount of trust users have because the scams appear to come from people they know, and it can be pretty easy to fall victim to such scams. Even some security professionals I know have had their private information compromised, so everyone should be cautious.”

When Watson and the other authors wrote the first draft of the security guide a few months ago, there were roughly 500 million Facebook users worldwide. Today there are more than 800 million, a number that grows by the second.

“The bad guys know that not everyone will fall for their scams, but even if one percent of Facebook users click on a bad link, that’s still a pretty big number and that’s all money in the bank for these guys,” Watson says. “The Internet and software are changing rapidly, so it’s vital that people become aware of new risks because they never know when they might be taken advantage of.”

Moreover, Watson says users should stay up-to-date on the site’s constantly evolving security and privacy features to make sure they aren’t exposing sensitive information unknowingly, as most personal information is in an open state by default and requires manual adjustment to stay hidden.

“Some people don’t understand how Facebook continues to exist as a company by offering its services for free,” Watson says. “The truth is that the people on the site are the product, and information about the things they like, their friends and the links they click on is aggregated and provided to marketers who can profit off of that information. You have to make an effort to turn some of these features on or off to protect yourself.”

More Facebook security tips may be found on the ITaP website.  

For more information check out Own Your Space, a book about online safety available for free download. It provides information on protecting computer and other sensitive information that may be listed on cyber accounts. Those who wish to download chapters also have the option to submit their email addresses to receive additional security information.

Additional notes written by Watson on Facebook login approvals and notifications, single sign-ons, one-time passwords and secure browsing may be found online as well.

Student-created IT security awareness posters and a training video may also be viewed online.

Writer: Andrea Thomas, Information Technology at Purdue (ITaP), 765-496-8204, thomas78@purdue.edu

Source: Keith Watson, 765-496-7470, kaw@purdue.edu
