Pay attention to your Facebook privacy settings

Facebook, as Betty White so famously said on Saturday Night Live earlier this month, “sounds like a huge waste of time.” [Watch video here.] But it’s also a way to keep up with your friends, learn more about life around you and — wait for it — have your privacy violated or get scammed.

Dave Lieber explores Internet privacy

Facebook honchos are constantly tinkering with the site’s privacy settings. Recently, Facebook made it harder to log on to the social networking site from a strange computer or cellphone. That’s supposed to stop scammers from stealing your identity and fooling your friends into sending them money because they believe you’re in trouble.

That change didn’t come soon enough for Sergio Haynes of Fort Worth. After his pal’s Facebook account was hijacked, Haynes received an e-mail, supposedly from his buddy, giving the usual story about how his friend was stuck in London after being mugged. The friend needed Haynes to wire $1,500 via Western Union so his friend could get home. Haynes didn’t recognize the popular scam.

“He’s my buddy,” Haynes remembers thinking. “I know he’s good for the money.”

So he sent it.

Only later did he learn that his friend wasn’t in London, didn’t get robbed and didn’t receive the money.

This scam has happened hundreds, if not thousands of times. [Read my earlier Dave Lieber column on this scam here.] Finally, Facebook announced this month that it is doing something about it. The site has created a new feature that notifies users when someone tries to access their account from a device the user doesn’t generally use. Users will receive a warning e-mail or text message.

Facebook will double up the new security check by asking the user on the strange device to identify a birth date or name a friend in a photo.

How does a Facebook account get hijacked? I’ve found two of the most common ways are to leave Facebook open on your computer and not log off, allowing someone else to take over.

The other way is by responding to an e-mail that alerts you that someone is inviting you to join in or look at their photos. To do so, you have to type your user name and password to gain access. Only the e-mail is a fake and the hacker captures your personal log-on information. So it’s best to log on to Facebook at the site itself, not through an e-mail.

But Facebook’s privacy problem goes far deeper than hackers. The company has begun experimenting with ways to make more money by making your information available to third-party Web sites. Facebook has done so much tinkering with its privacy settings in recent weeks that confusion among users is the norm. There are 50 different settings with 170 options. That’s a lot of button clicking to protect yourself from the prying eyes of others.

The New York Times recently created a chart of the privacy settings that was so complex it was nearly indecipherable. The outcry over the complex settings prompted Facebook’s chief of public policy to announce Tuesday, according to the Web site, that, “We are going to be providing options for users who want simplistic bands of privacy that they can choose from, and I think we will see that in the next couple of weeks.”

The ultimate way to protect your privacy on Facebook is to edit what your friends can share about you to complete privacy and set your activity so that only you can see it. Go to “Applications and Websites” under privacy settings and limit them, too.

When Facebook does changes its privacy settings again, pay attention. Facebook shares information about its latest activities at

One problem to watch: Many privacy features require you to opt in rather than opt out. By default, your information is public. So if you do nothing, you may have no privacy at all.


Facebook privacy

Access your security settings by going to “Account” in the upper-right hand corner, then select Account Settings and Privacy Settings.

Keep outsiders from logging into your account by going to Account Settings, then Account Security and change No to Yes for alerts of strange devices trying to access your account. offers a handbook to help you understand privacy settings.

Create a second or “junk” e-mail account using a free service such as gmail or yahoo or hotmail to protect your real e-mail address from spam and hackers.

Learn more at by searching for “Facebook privacy.” Visit the Electronic Frontier Foundation at

# # #

Dave Lieber, The Watchdog columnist for The Fort Worth Star-Telegram, is the founder of Watchdog Nation. The new 2010 edition of his book, Dave Lieber’s Watchdog Nation: Bite Back When Businesses and Scammers Do You Wrong, is out. Revised and expanded, the book won two national book awards in 2009 for social change. Twitter @DaveLieber

Dave Lieber's Watchdog Nation book won two national awards for social change.

How to use Facebook to teach a lesson to businesses that hurt you

You can use Facebook to strike back at businesses that treat you poorly — or worse — take your money or sell you a bad product. Social networking is a great communications tool to alert other customers and potential customers — and also alert the media and the authorities.

That’s what Teri Wilborn learned after she decided she wasn’t going to take it anymore.

She says she was owed almost $9,000 by a property management company she hired after connecting with the company through Craigslist, an online advertising Web site.

The company withheld money owed her from rent collections and a security deposit on a rental property the company managed for her, she said. She heard that other property owners were also owed money.

A friend suggested that Wilborn start a blog. She had a better idea:

“I think I’ll start a Facebook group page.”This is a Dave Lieber report for Watchdog Nation on using social networking to combat businesses that hurt you.

Six weeks ago she introduced a Facebook group about the company, Texas Lease Houses.

Here’s what happened next:

The group gathered 107 members: “People started coming out of the woodwork,” she said.

They began sharing their stories about how Texas Lease Houses, operating out of a nearly empty shopping center in Watauga, Texas, took thousands of dollars from tenants for monthly rental payments and sometimes failed to pay the property owners.

Facebook group members soon included not only property owners who had signed management agreements with Texas Lease Houses, but also tenants, former employees and vendors whom the company owed money, she said.

“Ninety percent of them say they were hurt by him,” Wilborn said. “Vendors who lost money because he didn’t pay. Tenants who paid money to move into homes that they knew were in foreclosure and still paid him money. Former employees. People who lost their homes in his previous bankruptcy. Some who didn’t read the paperwork correctly.”

Matt Misczak, the owner of Texas Lease Houses, told me in a phone interview Friday that he intends to pay all his former clients what they are owed: “Absolutely, I’m paying the owners out.”

He said he has repaid about $60,000 and will pay $25,000 more.

Misczak said that he closed the company in March and that his customers were instructed then in two letters to contact a Dallas lawyer to make claims. “I didn’t run and hide,” he added.

Misczak, 39, said he hasn’t seen the Facebook site but has heard about it. Wilborn, he said, probably got “anxious” about her money, as did others. He also said bad feelings linger among clients who lost money in his 2006 bankruptcy.

Misczak’s troubles may go beyond financial ones.

Facebook group members began researching his background and posting the results on the free Web site.

This is a Dave Lieber report for Watchdog Nation on using social networking to combat businesses that hurt you.

Matt Misczak courtesy of the Facebook group

They learned that Misczak, a 1988 Richland High School graduate, had his real estate license revoked in 2007. (He lost it for missing required continuing education classes, the state told me.)

Misczak explained: “I had a real estate brokerage, and the brokerage was licensed. I did not lease or list homes. The brokerage had a licensed agent that did that, and the brokerage itself was licensed.”

Facebook “friends” also learned that his company’s registration with the state expired last year, though they said he continued to conduct business. And the group hashed out the inner workings of the now-shuttered Watauga office and Misczak’s lifestyle (he likes expensive cars).

Wilborn, acting as page administrator, began recommending that people file complaints with the FBI, the Texas attorney general, the Texas Real Estate Commission, county district attorneys and police departments.

Complaints came “in a batch” at the Texas Real Estate Commission in recent weeks, said Kerri Galvin, the agency’s director of Standards & Enforcement Services.

“That’s a little alarming,” she said.

The commission said it opened an investigation in March of Texas Lease Houses and whether Misczak was operating without a real estate license.

“Under current laws in Texas, a person can own a licensed real estate brokerage company and not personally hold a real estate license, so long as the owner fully complies with the licensing requirements of the Real Estate License Act, and the owner does not engage in real estate brokerage activity on behalf of the company,” Galvin said.

“Real estate brokerage companies are required to have a personally licensed broker designated as a responsible officer for the company. In this particular case, our investigation

is ongoing and we can not comment on whether or not there was compliance with all of the requirements of the law.”

On April 1, the commission issued a news release titled “Real Estate Brokerage Scams in Dallas/Fort Worth Area.”

The release warned people about people who “represent themselves as real estate agents and real estate brokerage companies but do not hold Texas real estate licenses.”

Property owners, it continued, “claim to have lost large sums of money related to the group’s real estate schemes.”

The release did not name the company or any individual because the commission’s investigation had just begun, Galvin said. But complaints against Misczak “prompted” the statement, she said, “because we wanted to make sure the public was aware that there is a pattern.”

Marcos Castillo, owner of Valcom Mitigation, a loan modification business that operated out of Texas Lease Houses’ offices, is also named in the Facebook group with Misczak and his wife. Castillo said he was not an owner of Texas Lease Houses.

“I feel like there are a lot of uninformed people throwing as big a net and as much mud as they can to see if something sticks for them,” Castillo said.

Stay tuned, Misczak said: “If you’re watching that Facebook page, you’re going to hear that a lot of people are going to get their checks.”

OK, we’re staying tuned.


This is a Dave Lieber report for Watchdog Nation on using social networking to combat businesses that hurt you.

Dave Lieber, The Watchdog columnist for The Fort Worth Star-Telegram, is the founder of Watchdog Nation. The new 2010 edition of his book, Dave Lieber’s Watchdog Nation: Bite Back When Businesses and Scammers Do You Wrong, is out. Revised and expanded, the book won two national book awards in 2009 for social change. Twitter @DaveLieber

On Facebook, your friends could be your enemies

On Facebook, which last week bragged about its 300th million user and first-time profitability, you have “Friends.” You don’t have “Enemies.”

Or do you? wants everyone to learn some new Facebook terms that don’t necessarily show up in the company’s amazing corporate history.

Compromised account.Dave Lieber Facebook identity theft

Account takeover.

Account hijack.

Definition: term used to describe when an unknown scamster gains control of your account, often resulting in a fairly believable plea to your friends for money to rescue you from disaster.

That’s my definition. Feel free to rewrite in the comments.

Let me show you how it works. This research first appeared in the September 20, 2009 Fort Worth Star-Telegram, the best paper in Texas, in the Dave Lieber column.

* * *

While on Facebook recently, Gary Rifkin received an instant message from his friend Karen Cortell Reisman.

“Hey Kar, how’s it going?” he typed back.

“Not too good at the moment,” she answered.

“What’s going on?” he asked.

“I’m in a deep mess as we speak and I need your financial assistance,” she answered.

She explained that she was in London “and we got mugged at gunpoint.”

“Oh my God,” Rifkin said. “Are you okay?”

“Yes. Cash, credit card and phone got stolen. It was a brutal experience.”

“How are you going to get home?” he asked.

“That is the main problem now. I need your financial assistance.”

“How much do you need?” he asked.

“All I need is $1,300.”

“Where should I send it?”

The address was in London.

“Hang in there,” he advised, a transcript of the conversation shows.

Rifkin never sent the money. He knew he wasn’t talking to his friend but someone pretending to be her. He knew his friend was at home in Dallas.

Reisman, meanwhile, started getting frantic phone calls from friends asking, “Are you OK?”

As she told me later, “It was stunning to see how fast this grew over the course of one day.”

She calls the whole experience “the day I got hijacked on Facebook.”

Reisman uses Facebook as part of her speaking and coaching business. But she couldn’t get into her account because her password no longer worked. She tried to call Facebook’s corporate office in Palo Alto, Calif., but she couldn’t find the phone number. (Note: 650-543-4800)

She found the help page on Facebook that led to a contact form that put her in touch with the security team.

When Facebook e-mailed her a new password, she worried that it, too, was a hoax. But it wasn’t. She got her Facebook page back.

None of her friends sent money, but most called to see whether she was OK. “I was so touched by the concern of so many people,” she said.

In Facebook lingo, her account was compromised, company spokesman Simon Axten said.

Reisman has no idea how it happened. In all probability, Axten said, scammers learned her password through phishing.

That’s when a user goes to a fraudulent Web site that looks like the real thing. The person enters his or her login information, and then the crooks have what they need.

I can see how this happens. Sometimes I get an e-mail on an account that Facebook doesn’t know about. The e-mail asks me to look at Facebook photos. But I’d have to log in to Facebook. I ignore it.

The Facebook spokesman says scammers re-create e-mails that look like ones Facebook sends out. They might say that a friend has commented on your link or that you were tagged in a photo.

“We advise people to be careful when they’re clicking on e-mails, and especially links,” Axten said. “And when they do click on a link, check the URL [Web address]. If it’s not and it’s something else, most likely it’s a phishing site. Be careful.”

He suggests that when a friend claims to be in trouble, test the friend’s identity by asking key questions (“Where did we have lunch together last week?”).

The number of accounts compromised is very low, Axten said, considering that Facebook has 300 million worldwide.

“But obviously the consequences are pretty severe if someone ends up sending money. That’s a significant loss. As a result, we’re taking it very seriously, as we do any security threats.”


Facebook monitors users who start sending out lots of messages or making “wall” posts. Facebook may block or disable the account until the mystery can be solved, he said.

Passwords should be complex, with a variety of letters and numbers.

Reisman changed all her passwords after her experience – for Facebook and for her bank, e-mail, other social media sites and credit cards.

Previously, she said, “I used the same password for everything because life is short and I can’t remember everything.”

Now she keeps a separate list of passwords.

Facebook isn’t as much fun for her now.

“It’s left a bit of a bad taste in my mouth,” she said. “But Facebook came through, in my opinion, because they really did react to the problem in a fairly quick manner.”

Do you use the same password for multiple accounts? Or simple passwords, easy to figure out, like the name of your dog?

Remember that the best password is a combination of letters, numbers and punctuation marks. Always be careful when entering it into any e-mail that is sent to you.

And please feel free to share your detailed stories about similar problems – along with suggestions about how we can protect ourselves in the comments below.

* * *

Learn more about protecting yourself in the national-award winning book about social change, Dave Lieber’s Watchdog Nation: Bite Back When Businesses and Scammers Do You Wrong. Visit

Facebook Protection TIPS

– Be suspicious of friends who ask for money. Test their identity. Ask others who know them to verify any questionable situations that arise.

– If you see something suspicious on a friend’s account, go to the help link on the lower-right corner of a Facebook page and report it to the Help Center.

– Learn about security tips at

– Choose a strong password and don’t use it for other Web accounts.

– Use an up-to-date Web browser that offers anti-phishing features.

– Run anti-virus software on your computer.

– Reset your Facebook password if you suspect that your account has been compromised.

– Become a fan of Facebook at to get the latest security announcements.

Source: Facebook