U.S. Markets open in 7 hrs 34 mins

How to protect yourself from Russians, and worse, on Facebook

Rick Newman
Senior Columnist

While researching fake Facebook accounts for a recent story I wrote, I got a friend request from “Ruth Margaut” of Aquitaine, France. Since I didn’t know Ruth, I deployed a new trick I had learned: I downloaded her profile picture to my desktop, then did a reverse image search to see if her photo popped up anywhere else on the Internet. Bingo — it appeared to be a photo of a Romanian actress named Dana Hauer. Since fake accounts often use photos of real people to look legitimate, I knew some kind of scammer was after me.

They’re after a lot of other Facebook users, too. In late 2016, Facebook CEO Mark Zuckerberg said it was “crazy” to suggest that fake news propagated on Facebook helped influence the U.S. presidential election. He was wrong. The social-media giant now acknowledges that bogus or inflammatory messages planted by Russian interests reached 126 million Facebook users since the beginning of 2015. Meanwhile, Macedonian teenagers have run numerous Facebook pages — supposedly on behalf of Sen. Bernie Sanders and other American politicians — simply because they earn money driving users to sensationalist third-party sites. Shady marketers operate similar schemes on Facebook to sell lipstick, pet toys and just about everything else. In my own research, I found gobs of fake news on the platform that was falsely labeled as “Breitbart” or “MSNBC,” and discovered that just about anybody can purchase fake Facebook accounts online for as little as $1.50 apiece. Some sites offer them by the hundreds.

I’m a sporadic Facebook user and a fairly careful citizen of the web. But my discoveries while reporting on the exploitation of Facebook, Twitter and other social-media sites has convinced me to be a lot more careful.

Here are 11 guidelines from online security experts for making sure you aren’t duped or manipulated by the scammers and schemers on Facebook and other social-media sites:

Purge your “friends.” Savvy social-media users know not to accept friend requests from people they don’t know. Yet, at least 20% of Facebook users still do, and more than 60% accept such requests if there’s a friend in common (which scammers know). Then there are friends from the past. I reviewed my own Facebook account and found a few hundred people I didn’t know but had connected with way back when — probably back in the days when there was status in the number of friends you have. No more! I unfriended people I didn’t recognize and sharply cut my friend count. It’s a good idea to do this for LinkedIn as well, since scammers lurk there, too, and sometimes even try to conduct corporate espionage on the site.

[Take our poll: What do you think of Facebook?]

Stop signing into other sites or apps using Facebook. Do you really want Facebook to know your dating habits, political interests or medical concerns? I don’t really mind if some websites know I’m shopping for a toaster or pair of shoes. But Facebook’s data vacuum has become so powerful that the site can now target ads at people who are persuadable on a given issue — including whom to vote for, or even whether to vote. And all those sites that offer a convenient logon via Facebook add to the dossier Facebook has on each user. For me, that goes too far. I stopped using Facebook to log into other sites, and I’m planning to de-link sites where I’ve already done this in the past. (On Facebook, you can go to Settings >>> Apps to see which sites or apps are linked with your FB account, and delink.)

Keep your personal info personal. I never tell a site or app my real birthday, unless it’s required for security reasons at, say, a bank. I withhold as much other info as I can, to limit the data Facebook or any site can mash together to build a thorough profile of me. But it’s hard. People who know my real birthday want to offer good wishes on Facebook, when the day arrives — even if I ask them not to. And I’ve given different birth dates to different apps that are now linked with Facebook. So while Facebook may not know my real birthday, it probably knows the date I did give is phony, because it doesn’t match with the birth dates I’ve listed elsewhere.

The profile picture for “Ruth Margaut” appears to belong to a Romanian actress. This account has no friends and provides no personal information — classic signs of a fake.

Avoid quizzes, surveys and games on Facebook. The site can use them to add to its knowledge of you, your personality, your private preferences and other things you may not realize.

Set up a dedicated email address for Facebook. Donald Trump’s presidential campaign ran a sophisticated advertising operation on Facebook last year that targeted certain ads at Facebook accounts linked with email addresses the campaign had gathered when people signed up for information or sent in donations. In other words, once the campaign had your email address, it could target you on Facebook. And it could easily have purchased additional email addresses of people, say, who showed interest in Sanders. That was completely legal, with no known connection to Russian efforts on Facebook. But some users may not want to be targeted on Facebook based on what you do elsewhere in your life. Keep in mind, Facebook knows all the email addresses you’ve ever used on the site, and setting up a new one won’t erase any old ones you’ve used. It might be better to relegate an old address to Facebook and set up a new one for use elsewhere.

Double or triple your skepticism. Facebook has established some new tools to identify lies and fakery, but it remains very permissive of suspect content, simply because so much is a matter of interpretation. Obviously, any post that carries Facebook’s “disputed” mark is suspect. The more sensational a post sounds, the more skeptical you should be. And you should also consider the original source of any info posted on Facebook. The worst third-party news sites are ones you’ve never heard of that are clogged with ads. Study what MSNBC.com or FoxNews.com look like, and note how schlocky fake news sites look by comparison.

I purchased this fake Facebook account online for about $4. Facebook shut it down after I wrote it about it on October 23.

Be extra careful not to like or share anything that might be fake. “Fake news thrives on confirmation bias,” says Tim Chambers, who runs the digital arm of the consultancy Dewey Square Group and authored a recent paper on the malicious use of social media. “Think twice and read the source before forwarding or liking or sharing — especially if friends share articles that you agree with.” Scammers know that such endorsements greatly enhance the believability of fake news, and that a single endorsement by a careless user can generate many more. That’s how they exploit the supposed wisdom of the crowd.

Report fake news to Facebook. You can do so here.

Get better at spotting fake accounts. Anybody can do the sort of reverse image search I used to check out “Ruth Margaut.” On a PC or laptop, hover your mouse over the user’s profile photo — the smaller one at the top — and right click. Choose “save image as” and download it to your computer. Then do a web search for “reverse image search,” choosing a provider such as Google or Tineye. Then just follow the instructions for how to drag a photo into the search bar. If the photo turns up on other sites, check to see if it’s identified as a different person. If so, it’s highly likely you’ve identified a phony.

Fake news. This unverified MSNBC page claims Trump published a tweet he never did.

Look for other telltale signs of fakery. Maybe you want to “like” a business, but first you want to make sure it’s legit. You can get a good idea by quickly perusing the number of likes and the frequency of posts. “It’s very common to see a small ‘business’ with over 1 million likes and very little actual content,” says Ophir Gottleib, a technologist and CEO of Capital Market Laboratories, a financial research firm. “That’s an obvious sign of chicanery.” That’s because it’s possible to pay third-party operators to drive up an account’s likes on Facebook. Other fishy signs, which apply to both business and personal accounts: few friends or photos, very little interaction with connections, or a stream of posts that all seem to be linked to a single source.

Share insights with your [real] friends. Social-media algorithms change all the time, and so do efforts to exploit them. If you notice something new — and you’re sure it’s real — spreading the word can alert others to tricks they should be aware of, or services that might improve their experience. And when in doubt, trust your gut, at least as much as you would in the real world, and probably more; if it seems bogus on social media, it probably is.

Confidential tip line: rickjnewman@yahoo.com. Encrypted communication available.

Read more:

Rick Newman is the author of four books, including Rebounders: How Winners Pivot from Setback to Success. Follow him on Twitter: @rickjnewman