Recently a colleague forwarded to me an e-mail she received through Facebook:
From: Mark Zuckerberg [mailto:tlelejkomxck@hotmail.com]
Subject: Attention Facebook User
Hi Friend,
My name is Mark Zuckerberg, Ceo of Facebook. We have recently partnered up with Apple mackintosh regarding a one-time promotional event today, we are giving away complimentary Apple iPhones and iPads to randomly selected individuals who have been fortunate to be picked as one of our most recent winners for today. We randomly selected users from our systems database and you have matched with our latest drawing.
We have partnered up with Apple to advertise their most popular product yet, the Apple iPhone and iPad. Once yet again, we are operating this promotion for one-day only. All you need to do is CLICK HERE to check out our site made for this promotion and fill out this short survey to recieve yours for free. Simply make sure you enter your email so we may locate our records to make certain that we have reserved one for you. That is it!
Congratulations on winning a free Apple iPhone4 and iPad2. If you have any query or concerns, feel free to email me back. However, you need to claim your free iPhone and iPad 1st to ensure one will be reserved for you before the deadline ends. We do understand that you may not receive this email until after the deadline, however, we suggest you check the web site and enter your email to see if we still have got yours on hold, which we often-times do because others have not claimed theirs in time.
Mark Zuckerberg
CEO, Facebook
Facebook is where 800+ million users come together, so it's no surprise that this social networking site is a prime target for attackers, as the above phishing attack {Chapter 2 Security+ 4ed} shows. And now Facebook's new Timeline feature presents all of your past and current activities in a timeline available to everybody with access to your profile. That means your postings, your photos, your comments, your likes, and everything else could be accessible not only to your friends but also to your co-workers, your boss, and even your future unknown boss.
Here are a few suggestions about protecting your profile under Timeline:
1. Connections - Start by clicking the arrow in the upper right-hand corner of your profile screen next to your name, select Privacy Settings in the drop-down menu, and click on Edit Settings next to the How You Connect option. There are five privacy settings here. Settings #1, #2 and #3 control such items as who can look up your profile and see your contact information, who can "friend" you, and who can send you messages. A good approach is to change Settings #1 and #3 to "Friends" so nobody else can see your profile or send you messages. Setting #2 is about who can send you "Friend" requests. Although the most protective option is "Friends of Friends", that will significantly limit your ability to connect to others, so "Everyone" may be your only other option. Settings #4 and #5 control who can post on your timeline and who can view the posts. Again, there's a choice to be made: "Only Me" is the most secure choice (yet if you are the only one looking at your timeline, why are you on Facebook?) while the "Friends" option still allows for some control.
2. Tags - Another option in Privacy Settings is "How Tags Work". Timeline Review and Tag Review let you review posts and photos that your friends tag you in, and tags friends add to your own posts, before they go public. Enabling Timeline Review permits you to view the posts that you have been tagged in before they appear on your timeline. Maximum Timeline Visibility should be set only to Friends (or customized for certain friend lists or networks). Disabling Tag Suggestions can make it more difficult for Friends to tag a large number of photos of you. And while you're here, turn off the option regarding whether friends can check you in to places.
3. Posts - Why not just limit your posts to Friends or a select group of friends? You can click the drop-down box next to your status update or shared content and select Friends or a group.
Stay secure!
http://www.cengage.com/community/infosec
Posted 02-21-2012 8:48 AM by Mark Ciampa