5 Business Survival Lessons from Google’s Spying

A few months ago, Google got caught sniffing unencrypted wireless transmissions as its Street View photography vehicles drove around neighborhoods and businesses. It had been “accidentally” listening in on transmissions for more than 3 years – potentially viewing what websites you visit, reading your emails, and browsing the documents you edit and save in the cloud.

Public opinion blames Google, because Google is big and rich and and scarily omnipotent in the world of information domination. It’s fashionable to blame Google. What Google did was, to me, unethical, and they should eliminate both the collection practice and their archive of sniffed data.

But the greater responsibility lies with the businesses and homes that plugged in a wireless network and did nothing to protect it. Don’t tell me that you don’t know better. When you beam unencrypted data outside of your building, it’s no different than putting unshredded trash on your curb – YOU NO LONGER OWN IT. In fact, when you take no steps to protect the data that flies out of your airwaves and into the public domain, you really have no claim against someone taking it. It’s like finding a $100 bill on an abandoned sidewalk – you can claim it or the next lucky person will. Tom Bradley of PC World agrees:

The lesson for businesses and IT administrators is that you have to put forth some effort to at least give the appearance that you intend for the information to be private in order for there to be any inherent expectation of privacy. The burden should not be on Google, or the general public to have to determine whether the data you let freely fly about unencrypted is meant to be shared or is intended for a specific audience.

The Google story illuminates 5 Business Survival Lessons:

  1. This, like so many other business issues, is not a technology problem. The technology to keep out unwanted eyes exists (unless a government wants to tap you) and is accessible and affordable. The problem is human — someone has decided to ignore what they know should be done (especially having read this article)
  2. Private information that you fail to protect is no longer your private information (pragmatically and probably even legally).
  3. In the marketplace of data, just like in business, it is your responsibility to control what you can. Not everything is in your power, but safe wireless transmissions are. Whether it’s trash in a dumpster, posts on Facebook or wireless signals, the responsibility is yours and your business’s, not just Google’s, Facebook’s and corporate America’s. You must do your part.
  4. If you don’t employ at least WPA2 encryption currently on your wireless networks, I can nearly guarantee your data is being watched. And the expense of upgrading is minor compared to the prospect of breach, so lose that excuse.
  5. Prevention isn’t sexy, but it’s profitable. Whether your are preventing data leakage, budget shortfalls, or a heart attack, the key is to do the hard work before it happens.

John Sileo is the award-winning author of Stolen Lives and Privacy Means Profit (Wiley, August 2010), a professional Financial Speaker and America’s leading identity theft expert. His clients include the Department of Defense, FTC, FDIC and Pfizer; his recent media appearances include 60 Minutes. Contact him on 800.258.8076.

Facebook Announces New Privacy Settings

Last week we announced that Facebook was changing their privacy settings – again! Well the new changes have arrived and should be active on your Facebook the next time you log in. The Instructions that will lead you through the new settings will be posted at the top of your mini-feed.

By clicking on the Learn More button you will be directed to the Controlling How You Share Page.

This page will contain a long list of descriptions of your privacy settings, what you can control and what is made public and out of your control.  Click Edit your privacy settings to make the appropriate changes to protect your information and what you want to share on Facebook.

Take the time to make sure you go step by step. Missing one option or click could mean sharing more information than you would like. Make sure you visit your Applications and Websites, Block Lists (if there is a specific person you are hiding your page from), and your Basic Directory Information.

Keep in mind, while the ability to understand your privacy settings has been made simpler, the settings themselves have not changed. You are still sharing information with businesses and advertisers with every “like” you click. Your interests are still linked and by choosing friends of friends you are still basically allowing everyone to view your profile.

Also, one of the main gripes about the recent Facebook Changes was the new “Instant Personalization” feature, which provides information about you to Yelp, Pandora, and a new Microsoft service called Docs.com to help them customize your experience. The main issue was that it was turned on by default – and it still is! If you don’t want to share this information, make sure you visit the Privacy Settings for Instant Personalization and turn it off.

Although these settings will help you keep your Facebook Profile protected, it isn’t foolproof. We offer a Facebook Safety Survival Guide that can help you protect yourself and your children online.  The best way to protect yourself while on social networking sites is to limit what you post and use your common sense.

John Sileo helps businesses tackle social networking privacy concerns. His clients include the Department of Defense, the FTC, Pfizer and the FDIC. John also wrote the Facebook Safety Survival Guide. To learn more about having him speak at your next meeting or conference or working directly with your business, contact him by email or on 800.258.8076

Medical Identity Theft Increasing

Medical records are one-stop shopping for identity thieves. There is no need to slowly gather bits and pieces of someone’s personal information – it’s all packaged together: Social Security number, name, address, phone number, even payment accounts. Crooks have received everything from medication to a liver transplant using a stolen identity. And that’s only the tip of the iceberg! More than just medical treatment is at stake. Once a thief’s medical information is entered into your records, it’s extremely difficult to get rid of that information. It’s conceivable, for example, that at a later date, you’ll need a Type A blood transfusion but be given the thief’s Type B with dire consequences.

Identity theft of medical records has more than doubled since 2008, as stated in Javelin’s 2010 Identity Fraud Survey Report. It’s not difficult to imagine the misery that a million Americans have suffered during the past two years when their identities were stolen. And the Poneman Institute, in their National Study on Medical Identity Theft, states that another half million people loaned their insurance cards to uninsured family members and friends. The unsavvy lenders have incurred huge medical bills in this “friendly fraud”.

Larry Ponemon says that, on average, it costs $20,000 to resolve a medical identity theft case. Unlike credit card companies,where the banks incur the losses, the victims often have to pay for the fraudulent care and sometimes lose their health insurance or have to pay higher premiums to restore their accounts. Even though there are HIPAA laws to protect your privacy, not all health care organizations have strict safeguards in place.

The risk goes even further: if someone is treated using your identity, your medical records will more than likely be altered and could compromise your treatment and ability to get service.  According to Larry Ponemon, “stolen medical records offer a complete dossier to get a passport in a victim’s name that could be used for terrorism.”

Ways to Protect Yourself:

  • When you receive an Explanation of Benefits from insurers, read it carefully and save – don’t throw it away even when it says “this is not a bill”! If a treatment date or doctor’s name is not familiar to you, call the insurer and the billing physician to resolve.
  • If your wallet is stolen, contact your insurance company just as you would your credit card company. Don’t carry your Medicare card in your wallet. Carry a photocopy and black out the last four digits of the SS#.
  • Urge your health care providers to ask patients for photo ID’s.
  • Ask your doctors for copies of everything in your medical files, even if you have to pay for them.
  • Monitor your credit report at www.AnnualCreditReport.com. If you see medical billing errors, contact your insurer and the three credit bureaus, TransUnion, Experian, and Equifax.
  • Avoid Internet and storefront offers of free treatment and supplies.
  • Ask for a list of benefits paid in your name and an “accounting of disclosures” which shows who got your records.

John Sileo became one of America’s leading Information Control Speakers & sought after Identity Theft Experts after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.

Social Engineering Expert Quoted in CSO Article

Quoted from the original CSO Online story:

Social engineering stories: The sequel

Two more social engineering scenarios demonstrate how hackers still use basic techniques to gain unauthorized access, and what you can do to stop them

By Joan Goodchild, Senior Editor
May 27, 2010 —

John Sileo, an identity theft expert who trains on repelling social engineering, knows from first-hand experience what it’s like to be a victim. Sileo has had his identity stolen—twice. And both instances resulted in catastrophic consequences.

The first crime took place when Sileo’s information was obtained from someone who had gained access to it out of the trash (yes, dumpster diving still works). She bought a house using his financial information and eventually declared bankruptcy.

“That was mild,” said Sileo, who then got hit again when his business partner used his information to embezzle money from clients. Sileo spent several years, and was bankrupt, fighting criminal charges.

Now that he has come out of it all innocent, he spends his time assisting organizations train employees on what social engineering and identity theft techniques look like.

ow that he has come out of it all innocent, he spends his time assisting organizations train employees on what social engineering and identity theft techniques look like.

“I’m trying to inspire employees to care about privacy,” he said. “If they don’t care about it at a human level, they are not going to care about the company’s privacy policy or IT security. You’ve got to get it at a primal personal level.”

Sileo ran through some memorable social engineering scenarios he’s heard during his years as a security lecturer. The first is taken from his upcoming book

Continue Reading Social engineering stories: The sequel

If you are serious about training your staff on social engineering scams, fraud detection and protecting your business from a costly data breach, start with the items above and then bring a professional social engineering expert to your next meeting or conference. Email us for more information or contact one of us directly on 800.258.8076.

Spokeo: Scary Bad & How to Opt Out

I found out a way to get yourself off spokeo.com!

Go to the website and look yourself up, then click on your name… once you have done that copy the URL in your web browser. Now, go to the bottom of the page. In small faded blue text, click privacy (third from the left). At the bottom of this page, you will find an “Opt Out form” link. Select that and then paste the URL link you copied from the page you found yourself on and enter your email and the “I’m not a robot” box. This is a case where I would use a second email account (your designated junk-email account), not your main email to avoid the build up of possible spam emails that follow. It will then send you an email confirmation where you must click the URL to confirm removal.  Voila! You have been removed.

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him regarding speaking opportunities directly on 800.258.8076.

Identity Theft of H&R Block Customers | Sileo Group

The number of identity theft victims rose 22% last year! Although it’s important to always protect your identity, tax season makes people more vulnerable to this crime and you should be especially cautious.

H&R Block identity Theft

A recent article in the New York Times uncovers an H&R Block office in the Bronx that was infiltrated by identity thieves (apparently it was not the only office affected).

Last year, Kevin Johns, a construction worker in the Bronx, did his taxes at the H&R Block store on Riverdale Avenue that he had used for the past 20 years or so. The next day, though, he got a call from the tax preparer: his return was rejected because he had already filed. Or at least, someone had filed in his name. That someone helped himself or herself to a $8,499 refund.

Sharon Hawa, a disaster-relief coordinator with the Red Cross and another longtime customer at the same office, had a similar experience. Ms. Hawa said she went to have her taxes done, only to be told that someone had already e-filed her taxes and collected $6,145.

Both Ms. Hawa and Mr. Johns said they were told by police detectives investigating their cases that at least 20 customers of the branch and possibly many more had been robbed by identity thieves who were very likely H&R Block employees. Both said the fraudulent filers used their previous year’s adjusted gross incomes as proof of identity.

Top Tips for Tax Time Identity Theft Protection Safe Preparation

Your greatest risk of identity theft during tax season comes from your tax preparer. In this case it was because they are dishonest, but sometimes it is because they are careless with your sensitive documents. Just ask yourself how easy it would be for your tax preparer or anyone in their office to walk off with a few client folders containing mounds of profitable identity. Here are a few effective solutions:

Choose your preparer wisely

How well do you know the person and company preparing your taxes? Did they come personally recommended, or could they be earning cash on the side by selling your personal information. Do they have an established record and are they recommended by the Better Business Bureau? Don’t be afraid to ask for references.

Interview your preparer before you turn over sensitive information. Ask them exactly how they protect your privacy (do they have a strong privacy policy?). Are they meeting with you in a room full of client files, or do they take you to a neutral, data-free, conference room or office? Do they leave files out on their desk for the cleaning service to access at night, or do they lock your documents in a filing cabinet or behind a secure office door? Do they protect their computers with everything listed in the next section?

Asking professional tax preparers these questions sends them a message that you are watching. Identity thieves tend to stay away from people they know are actively monitoring for fraud. Remember, losing your identity inside of their accounting or bookkeeping business poses a tremendous legal liability to their livelihood. When it comes to the case with H&R Block it causes a huge loss of clients due to a damaged reputation.

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

[youtube https://www.youtube.com/watch?v=A0fcQyqBtfQ&rel=0]

Top 5 Reasons Corporations Educate Employees on Identity Theft

Why do corporations care (and spend money) to educate employees about protecting personal identity?

After all,  most businesses are profit-driven and only have time and resources to concentrate on initiatives that affect their bottom line. In effect, that is the answer to the question…

Businesses educate their employees and even their end customers on identity theft because it positively affects the corporation’s bottom line (by lowering the costs of data theft). Here’s how organizations benefit:

  1. Minimizing employee downtime. Serious individual cases of identity theft can take up to 600 hours in recovery time. Because banks and creditors are generally open when employees are at work, the employees are forced to recover on company time. Even if they only spend 40 hours during work recovering, this is a huge cost to the company. Roughly 10% of households will have to recover from identity theft at least once this year.
  2. Personal privacy leads to professional privacy. How can corporations expect employees to care about the sensitive information they handle every day (customer data, employee records, intellectual capital) if the employees don’t first respect their own private data? As employees discover how much their identity is worth, they are far more likely to protect the data they handle at work as if it were their own. After all, they begin to understand that next time it might be their identity that is stolen from a corporation.
  3. Corporate data breaches are expensive. Smart corporations understand that safe data is profitable data. Just ask TJX, a company that lost somewhere in the neighborhood of 94 million customer identities (far above what they initially reported) and could spend up to $1 billion recovering from the data breach. Not only are they being sued by customers, but by credit card companies and banks whose customer data has been compromised. Add to this the costs of providing a year’s worth of credit monitoring for every affected individual (a maximum of 94 million X $10 per month X 12 months), the damage it has done to their brand (almost everyone has seen this on the news), the hit taken by their stock and the thousands of hours spent in damage control, and you can see why investing in prevention is wildly inexpensive compared to recovering from a corporate data breach. And corporate prevention begins at the personal, employee level.
  4. Safe and happy employees are good employees. I have found that many corporations out there truly care about the quality of their employees’ lives. In addition, many of them hire me simply because they understand that safe and happy employees are more loyal to the corporation, speak well of the company, remain longer in the organization and drive more business. These companies consider their employees’ financial health to be as vital as their physical health, and it pays off over the long run. Identity theft poses the highest risk to their workers’ financial health.
  5. Educated customers cost less. I often speak to the end customers of corporations (e.g., the clients of a bank, the customers of a financial planner) who improve their security dramatically even when the just follow the basic recommendations in my ID Theft Tool Box. When a bank customer knows how to prevent identity theft, they are far less likely to become a victim and therefore less likely to lose money for which the bank is ultimately responsible. When someone steals your identity and drains your bank account, the bank generally covers the cost. If your identity is never stolen in the first place, neither your nor the bank has the expense.

If you feel that your organization would benefit from increased awareness about personal and workplace privacy, learn more about bringing in an Identity Theft and Social Networking Expert. You can also order you employees the Identity Theft Prevention and Recovery Workbook – All Privacy is Personal – Help them protect your company and your bottom line today!

 

John Sileo became one of America’s leading Social Networking Speakers & sought after Identity Theft Experts after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.

Tax Time Identity Theft Prevention Tips

Identity theft speaker John Sileo shares his tax-time identity theft prevention tips.

This past week, I have been helping a gentleman recover from the theft of all of his tax records.  Before it is all over, this gentleman will have spent hundreds of hours and thousands of dollars simply preventing any further fraudulent use of his identity. That doesn’t account for any damages already done to his finances, criminal record, medical records or social security benefits. There is very little that is more damaging and dangerous to your identity than losing your tax records. After all, tax records generally contain the most sensitive personally identifying information that you own, including Social Security Numbers (for you, your spouse and maybe even your kids), names, addresses, employers, net worth, etc. Because of this high concentration of sensitive data, tax time is like an all-you-can-eat buffet for identity thieves. Here are some of the dishes on which they greedily feed:

  • Tax documents exposed on your desk (home and work)
  • Private information that sits unprotected in your tax-preparer’s office
  • Improperly mailed, emailed and digitally transmitted or filed records
  • Photocopiers with hard drives that store a digital copy of your tax forms
  • Copies of sensitive documents that get thrown out without being shredded
  • Improperly stored and locked documents once your return is filed
  • Tax-time scams that take advantage of our propensity to do whatever the IRS says (even if it’s not really the IRS asking)

Top Tips for Tax Time Identity Theft Protection Safe Preparation. Your greatest risk of identity theft during tax season comes from your tax preparer (if you use one) either because they are dishonest (less likely) or because they are careless with your sensitive documents (more likely). Just walk into a tax-preparers office on April 1 and ask yourself how easy it would be to walk off with a few client folders containing mounds of profitable identity. The devil is in the disorganization. Effective Solutions:

  • Choose your preparer wisely. How well do you know the person and company preparing your taxes? Did they come personally recommended, or could they be earning cash on the side by selling your personal information. Do they have an established record and are they recommended by the Better Business Bureau?
  • Interview your preparer before you turn over sensitive information. Ask them exactly how they protect your privacy (do they have a privacy policy?). Are they meeting with you in a room full of client files, or do they take you to a neutral, data-free, conference room or office? Do they leave files out on their desk for the cleaning service to access at night, or do they lock your documents in a filing cabinet or behind a secure office door? Do they protect their computers with everything listed in the next section?
  • Asking professional tax preparers these questions sends them a message that you are watching! Identity thieves tend to stay away from people they know are actively monitoring for fraud. Remember, losing your identity inside of their accounting or bookkeeping business poses a tremendous legal liability to their livelihood.

Secure Computers. Last year, more than 80 million Americans filed their tax returns electronically. To prevent electronic identity theft, you must take the necessary steps to protect your computer, network and wireless connection. Additionally, your tax preparer should be working only on a secured computer, network and internet connection. Hire a professional to implement the following security measures:

  • Strong alpha-numeric passwords that keep strangers out of your system
  • Anti-virus and anti-spyware software configured with automatic updates
  • Encrypted hard drives or folders (especially for your tax preparer)
  • Automatic operating system updates and security patches
  • An encrypted wireless network protection
  • A firewall between your computer and the internet
  • Remove all file-sharing programs from your computer (limewire, napster, etc.)

Private information should be transmitted by phone using your cell or land line (don’t use cordless phones). In addition, never email your private information to anyone unless you are totally confident that you are using encrypted email. This is a rarity, so don’t assume you have it. In a pinch, you can email password protected PDF documents, though these are relatively easy to hack. Stop Falling for IRS Scams. We have a heightened response mechanism during tax season; we don’t want to raise any red flags with the IRS, so we tend to give our personal information without much thought. We are primed to be socially engineered. Here’s how to combat the problem:

  • Make your default answer, “No”. When someone asks for your Social Security Number or other identifying information, refuse until you are completely comfortable that they are legitimate. Verify their credentials by calling them back on a published number for the IRS.
  • If someone promises you (by phone, fax, mail, or in person) to drastically reduce your tax bill or speed up your tax return, don’t believe them until you have done your homework (call the IRS directly if you have to). These schemes flourish when the government issues economic stimulus checks and IRS refunds.
  • If anyone asks you for information in order to send you your check, they are scamming for your identity. The IRS already knows where you live (and where to send your rebate)! By the way, the IRS will NEVER email you for any reason (e.g., promising a refund, requesting information, threatening you).
  • To learn more about IRS scams, visit the only legitimate IRS website, which is www.irs.gov. If you are hit by an IRS scam, contact the IRS’s Taxpayer Advocate Service at www.irs.gov/advocate.

Mail Safely. A good deal of identity theft takes place while tax documents or supporting material are being sent through the mail. If you are sending your tax return through the mail, follow these steps:

  • Walk the envelope inside of the post office and hand it to an employee. Too much mail is stolen out of the blue USPS mailboxes and driveway mailboxes that we use for everything else to make them safe.
  • Send your return by certified mail so that you know it has arrived safely. This sends a message to each mail carrier that they had better provide extra protection to the document they are carrying.
  • Consider filing electronically so that you take mail out of the equation. Make sure that you have a well-protected computer (discussed above).

Shred and Store Safely. Any copies of tax documents that you no longer need can be shredded using a confetti shredder. Store all tax records, documents and related materials in a secure fire safe. I recommend spending the extra money to have your safe bolted into your home so that a thief can’t walk away with your entire identity portfolio. Make sure that your tax provider appropriately destroys and locks up any lingering pieces of your identity as well. Tax returns provide more of your private information in a single place than almost any other document in our lives. Don’t waste your tax refund recovering from this crime.

John Sileo became one of America’s leading Social Networking Speakers & sought after Identity Theft Experts after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.

Facebook Privacy: Hide from Google

The New York Times recently published an article that discusses the severe changes Facebook has made to privacy settings. This is the last post on these changes and each post gives you details on how to manage these new settings so that you can gradually accumulate your Facebook Privacy.

What Can Google See? (Keep Your Data Off the Search Engines)

When you visit Facebook’s Search Settings page, a warning message pops up. Apparently, Facebook wants to clear the air about what info is being indexed by Google. The message reads:

There have been misleading rumors recently about Facebook indexing all your information on Google. This is not true. Facebook created public search listings in 2007 to enable people to search for your name and see a link to your Facebook profile. They will still only see a basic set of information.

While that may be true to a point, the second setting listed on this Search Settings page refers to exactly what you’re allowing Google to index. If the box next to “Allow” is checked, you’re giving search engines the ability to access and index any information you’ve marked as visible by “Everyone.” As you can see from the settings discussed above, if you had not made some changes to certain fields, you would be sharing quite a bit with the search engines…probably more information than you were comfortable with. To keep your data private and out of the search engines, do the following:

  1. From your Profile page, hover your mouse over the Settings menu at the top right and click “Privacy Settings” from the list that appears.
  2. Click “Search” from the list of choices on the next page.
  3. Click “Close” on the pop-up message that appears.
  4. On this page, uncheck the box labeled “Allow” next to the second setting “Public Search Results.” That keeps all your publicly shared information (items set to viewable by “Everyone”) out of the search engines. If you want to see what the end result looks like, click the “see preview” link in blue underneath this setting.

Read more from the New York Times article that discusses the Facebook settings that every user should be aware of. Be proactive about what you share on Facebook and protect your online privacy!

Read The first 2 articles –

Facebook Privacy: Videos, Photos, and Status Updates

Facebook Privacy: Your Personal Info

Order your copy of the Facebook Safety Survival Guide to make sure you and your children are protected online.

John Sileo became one of America’s leading Social Networking Speakers & sought after Identity Theft Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.

Facebook Privacy: Your Personal Info

The New York Times recently published an article that discusses the severe changes Facebook has made to privacy settings. This is the second post on these changes and each post will give you details on how to manage these new settings so that you can gradually accumulate your Facebook Privacy.

Who Can See Your Personal Info?

Facebook has a section of your profile called “personal info,” but it only includes your interests, activities, and favorites. Other arguably more personal information is not encompassed by the “personal info” setting on Facebook’s Privacy Settings page. That other information includes things like your birthday, your religious and political views, and your relationship status.

After last month’s privacy changes, Facebook set the new defaults for this other information to viewable by either “Everyone” (for family and relationships, aka relationship status) or to “Friends of Friends” (birthday, religious and political views). Depending on your own preferences, you can update each of these fields as you see fit. However, we would bet that many will want to set these to “Only Friends” as well. To do so:

  1. From your Profile page, hover your mouse over the Settings menu at the top right and click “Privacy Settings” from the list that appears.
  2. Click “Profile Information” from the list of choices on the next page.
  3. The third, fourth, and fifth item listed on this page are as follows: “birthday,” “religious and political views,” and “family and relationship.” Locking down birthday to “Only Friends” is wise here, especially considering information such as this is often used in identity theft.
  4. Depending on your own personal preferences, you may or may not feel comfortable sharing your relationship status and religious and political views with complete strangers. And keep in mind, any setting besides “Only Friends” is just that – a stranger. While “Friends of Friends” sounds innocuous enough, it refers to everyone your friends have added as friends, a large group containing hundreds if not thousands of people you don’t know. All it takes is one less-than-selective friend in your network to give an unsavory person access to this information.

Read more from the New York Times article that discusses the Facebook settings that every user should be aware of. Be proactive about what you share on Facebook and protect your online privacy!

Order your copy of the Facebook Safety Survival Guide to make sure you and your children are protected online.

John Sileo became one of America’s leading Social Networking Speakers & sought after Identity Theft Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.