Q: Facebook recently announced a new service, Facebook Gifts, that allows users to send Starbucks gift cards, Magnolia Bakery cupcakes, GUND teddy bears and other knickknacks for events like birthdays, job promotions and anniversaries. (The Palo Alto, Calif., social networking giant has plans to add more types of gifts every day.) Are there any risks from a cybercrime or identity theft perspective that new users should be aware of?
A: The gift recipient will be required to enter their physical address upon receiving notification that they have been given a gift. Users need to be especially cautious of fake emails claiming to be from Facebook. It's always a gamble to provide personal data to a company storing information, and especially to a social networking site so highly scrutinized for its privacy practices. There is strong potential for malicious, spam emails to be generated, like "You have just received a Facebook Gift, please click here to redeem." We see instances like this all the time, and the link included usually opens up to a website exposing the user to malware.
With its new offering, too, Facebook will start collecting more credit card and banking information than ever before. There are a lot of unknowns, but it could be the missing piece of the profile puzzle. Facebook stores an enormous amount of information about its users, and the volume of data is growing. If the company gains personal financial information, it may know more about you than nearly any other company. That's putting a lot of trust in one business. If Facebook ever were hit by a cyberattack and information fell into the wrong hands, it could be catastrophic for millions of people.
But it doesn’t take a large-scale attack for damage to be done. Most people are willing to offer their personal information, and gifts could possibly help facilitate that. More users may be apt to reveal their birthdays in their profile now that there’s a gift incentive. Birthdays often are used to verify a customer’s identity, so it’s valuable information for identity thieves. Anytime you provide information to complete the mosaic of your life, you’re putting yourself in harm’s way.
“Card not present” fraud is a big issue, leading many merchants to ask for the security code on the back of your card. Will Facebook also ask for the security code for your credit card? Anytime you provide information, you expose yourself to the possibility of being compromised. The question is how extensive will that exposure be? For most of us, it’s a lot bigger than a gift card or fancy cupcakes, of that I’m sure.
An internationally trained attorney and privacy expert, Eduard has more than a decade of experience in privacy law, fraud and identity management. He is a member of the state bar of Arizona and served as the 2008-2009 section chair of the bar’s Internet, E-Commerce & Technology Law Practice Section.