Facebook has announced that it will notify users it suspects are being targeted by nation states and urge them to take extra security precautions.<\/p>\n
Alex Stamos, Facebook’s chief security officer, explained the new notifications in a 16 October blog post, saying users will only receive the warnings if Facebook has strong evidence suggesting they are being targeted by\u00a0nation-state sponsored attackers<\/a>.<\/p>\n If the social network believes you are under attack from state-sponsored hackers, it will show a pop-up message in your feed explaining that you may have been targeted.<\/p>\n The message asks, but does not require, those users to turn on an extra layer of protection for their account called Login Approvals.<\/p>\n Stamos said Facebook “will have always taken steps to secure accounts that we believe to have been compromised,” but\u00a0will show the warning\u00a0to users because these attacks may\u00a0be “more advanced and dangerous” than others.<\/p>\n This is how the message looks in the desktop version of Facebook:<\/p>\n Jay, we believe your Facebook account and other online accounts may be the target of attacks from state-sponsored actors. Turning on Login Approvals will help keep others from logging into your Facebook account. Whenever your account is accessed from a new device or browser, we'll send a security code to your phone so that only you can log in. We recommend you also take steps to secure the accounts you use on other services.<\/tt><\/p><\/blockquote>\n Because of the persistence of state-sponsored attackers, anyone whose Facebook account is\u00a0under attack by a nation state\u00a0is probably\u00a0also being targeted on other services, so Facebook encourages securing those accounts as well.<\/p>\n Google began sending similar\u00a0warnings to Gmail users<\/a>\u00a0back in 2012.<\/p>\n Just like Google, Facebook says it can’t reveal how or why it suspects state-sponsored attacks, for fear of giving away useful information to attackers about security methods.<\/p>\n Nation states may target individuals for political or national security reasons, but also attack individuals to\u00a0gain access to\u00a0their employers’ intellectual property or customer data, for example.<\/p>\n Countries like\u00a0North Korea<\/a>\u00a0and\u00a0China<\/a>\u00a0have been suspected of sponsoring attacks on private companies.<\/p>\n Hackers affiliated with the\u00a0Chinese military<\/a>\u00a0were indicted by the US two years ago for allegedly hacking into several US steel companies.<\/p>\n The US claims the Chinese hackers used phishing emails and malware to gain access to email accounts of company officials, in order to steal information that would benefit Chinese state-run steel companies in trade disputes.<\/p>\n Even if nation states aren’t likely to target you personally, it would be a shame to fall into the trap of thinking “no one’s interested in little old me.”<\/p>\n As Naked Security expert Paul Ducklin pointed out in a post describing all the bad excuses we make for\u00a0neglecting our security<\/a>, we are\u00a0all<\/em>\u00a0on cybercriminals’ radars:<\/p>\n We're all in the sights of cybercrooks somewhere, and we owe it to ourselves and to everyone else to do the best we can to thwart them.<\/tt><\/p><\/blockquote>\n Today’s cybercriminals are typically in the business of making money, and to do that they want to compromise as many users and devices as possible.<\/p>\n One method for attackers to gain access to your accounts is to implant malware on your computer that can steal passwords.<\/p>\n Malware of this sort can get on your computer in various ways, such as through\u00a0boobytrapped email attachments<\/a>, or by visiting a malicious website harboring malware that downloads automatically (called a\u00a0drive-by download<\/a>).<\/p>\n Malware can also spread via Facebook.<\/p>\n We recently learned of a hacker using a type of malware called a “Facebook Spreader” to compromise Facebook accounts via malicious links in Facebook chat messages.<\/p>\n In August, a US-based hacker named Eric Crocker pleaded guilty to spreading\u00a0Facebook malware<\/a>\u00a0to hijack thousands of accounts in order to send spam.<\/p>\n Just like Facebook recommends, we think it’s a good idea to add extra layers of security to your accounts, such as\u00a0login verification<\/a>\u00a0or\u00a0two-factor authentication<\/a>.<\/p>\n Even if you’re not likely to be a target of a nation state, that’s no reason to become easy prey for common cybercriminals.<\/p>\n When you turn on Facebook\u00a0Login Approvals<\/a>, you’ll need to enter a special one-time code whenever you log into Facebook from an unrecognized device or browser.<\/p>\n You’ll receive the codes on your phone as a text message, so\u00a0Facebook needs your mobile phone number to send Login Notification alerts.<\/p>\n Login Approvals are\u00a0similar but more secure than\u00a0Login Notification<\/a>, which alerts you when your account is accessed from a new device or browser, but without requiring a code.<\/p>\n To turn on Login Approvals:<\/p>\n Finally, once you’ve set that up, make sure you\u00a0change this setting so you can’t be searched for by phone number<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":" by John Zorabedian on October 20, 2015 https:\/\/nakedsecurity.sophos.com\/2015\/10\/20\/facebook-to-warn-you-of-targeted-attacks-check-this-security-setting-anyway\/ Facebook has announced that it will notify users it suspects are being targeted by nation states and urge them to take extra security precautions. Alex Stamos, Facebook’s chief security officer, explained the … Continue reading ![\"\"](\"https:\/\/employee.clawsons.com\/wp-content\/uploads\/2015\/10\/facebook-warning.png\")
<\/p>\nTargeted or not, extra security is always a good idea<\/h4>\n
How to turn on Facebook Login\u00a0Approvals<\/h4>\n
\n