West Corporation

Posted on February 1, 2011 by West Corporation 



Is Facebook a Risky Business?

What You Need to Know About Protecting Your Practice on the Largest Social Network

by Charity Mason

More and more orthodontic practices are adding a Facebook business page to their arsenal, and with good reason; they’ve learned that it is a powerful tool to market and stay close to their patients. However, participating in the world’s largest social network does not come without risks. Many Facebook users are often under the impression that because of a few privacy settings in their profiles, it’s a secure place. It’s not. But then again, it’s no less safe than any other online activity. The good news is that a thorough understanding of the risks and a common-sense approach to using Facebook make for a good defense against risky activity.

The most common threats you face with utilizing Facebook are spam and scams — both of which could put your business’s reputation at risk by compromising the security of the personal Facebook accounts you use to “admin” your business page. Let’s take a look at some of the possible security issues and discuss what you can do to protect your practice.

Spam Tactics

Thanks to spammers, there are more viruses floating around on Facebook than any other social media channel. That is primarily because of its popularity. Viruses can appear in the form of links that have been posted on your Wall from your friends, such as “This video made me cry!” or “Check out this hilarious holiday greeting!” with a link. They can also come to you via your Facebook Inbox, Chat or in the form of advertisements on your page. Another way that spammers attack is by creating groups and pages on Facebook that offer you a prize or special access to Facebook features if you invite all of your friends. Sometimes they encourage you to “automatically” invite your friends to join. It’s never a good idea to associate with a group that requires you to provide personal information or the contact info of your other Facebook connections first.

Suspicious Links

Now that you know that spammers use suspicious links as a tactic for hacking into your Facebook account, you should know more about how they work and how to spot them. When clicked, these links can take you to malware sites, which can install software meant to access your personal information and gain access to accounts. Another result of clicking suspicious links is clickjacking. Clickjacking makes your Internet browser take action without your knowledge by, for example, posting links on your profile page or causing you to “like” a page.

So what should you be on the lookout for? Don’t click on any strange links, especially if they seem uncharacteristic of the individual who is sharing them. Another indication that spammers are involved is if the messages include misspellings or bad grammar. Also, if you start to see that multiple people are “sharing” the same video, that is a good indication of spam. Finally, be wary of any groups or pages that ask for information before allowing you membership. Report any groups or pages that seem suspicious to Facebook by clicking on the Report link at the bottom left of the page.

Account Phishing

Spammers love to phish, so don’t take the bait! The goal of phishing is to obtain sensitive information from users, such as usernames, passwords and account information. The suspicious links that we discussed above could be all that’s standing between you and some unethical phishing behavior. Clicking on one of these links could potentially take you to a phishing website where you could be tricked into logging in with your Facebook login information. And if you do that, your Facebook account can be taken over.

Again, the things to look out for are similar. Don’t click on any uncharacteristic links from friends, whether they’re posted on your Wall, included in a status update or sent through Inbox or Chat. Though the links may appear to go to authentic looking websites, if something isn’t adding up, trust your instinct. It’s always good practice to ask the person who sent you the link if it was intentional before you click it. Most importantly, if you do click a link, you should never heed a request to enter your Facebook login information or any other personal information, unless it is a Facebook-approved application.


Recently in the news, a warning was issued by The New York Times about a university welcome group on Facebook targeting high school seniors. The page promises that for a fee, it will help you connect with potential roommates at the college or university that you will attend. The look of the site was legitimate and included a variety of college logos. However, it turned out to be a scam. Money was collected, yet no services were rendered.

One scam gaining popularity involves status updates or messages that appear to come from a Facebook employee and often ask for your personal login information. The emails might even contain a From field that says “Facebook” or “The Facebook Team”. Possible message topics might include that Facebook is becoming overpopulated; Facebook is going to start charging money; certain users have special access to profile information; and Facebook is selling your data. It’s important to disregard these messages, tell your other Facebook connections the messages are fake and if necessary, report the sender of the message to Facebook using the Report link.

Another common scam on Facebook involves money transfer. Scammers typically post status updates or send Inbox or Chat messages from a friend’s account claiming that they are in an emergency situation and need money. Obviously, you should never send money without first verifying the story with your friend. And if you feel that your friend’s Facebook account has been taken over, report it to Facebook and they can block access to it.

Make sure that you and your employees are mindful that certain groups and communications can be a scam. Not only are you risking becoming vulnerable to their ploy, but also it can negatively impact your business if you are associated with something that may harm other shared “friends” further down the road. Imagine what could happen to your reputation if your business participates in a fraudulent group, and many of your patients follow your lead.

Scammers can go to great lengths to deceive. Do a search on Facebook for some popular brands, businesses or celebrities. You will often see a variety of results. I was naïve when I first joined Facebook and remember being so impressed that my husband’s good friend had contacted and successfully “friended” a famous supermodel! But was it really her? Probably not.

Naturally, anyone posing as your business can be a threat to your reputation. They may be trying to use the opportunity to gain access to your patients’ profiles. Or perhaps they intend to use your business name to distribute unprofessional content or spam. Although Facebook prohibits the use of fake names and identities, the policy doesn’t keep these instances from happening. Many times it is up to Facebook users to identify these scams and report them. Be active in your use of social media. Search for yourself and your business from time to time and make sure your business entity is still only represented by the page you set up.

A Common-Sense Defense

Here’s a list of eight common-sense steps you can take to keep your Facebook profile safe.

  1. When determining which employee will be the Admin for your practice’s Facebook page, choose a long-term, trustworthy employee.
  2. Remember how to spot a suspicious link and do NOT click on any link that doesn’t seem legitimate. Friends can unwillingly send spam, viruses or malware in status updates, Wall posts, Inbox or Chat messages. If the message and the link are not something that a friend would normally send or post, it could mean that their account has been phished and that spammers have sent the message.
  3. Know exactly where you are going online by watching the domain name in the URL bar on your browser. Make sure anything you click on isn’t taking you to a suspicious URL. It’s also a good idea to bookmark so you are always going to the official Facebook page before logging in.
  4. Create a strong password using both letters and numbers and change it monthly.
  5. Never give out login or personal information. If you are adding a Facebook application to your account and it asks for login information, make sure the application is legitimate before providing anything.
  6. Always have antivirus software installed and updated on the machine that will be accessing Facebook regularly.
  7. Take advantage of Facebook’s opt-in security features. They provide login notifications and can show active sessions that allow you to see the location and time your account was accessed. You can also end active sessions, thus booting off any unauthorized person accessing the account. To sign up for these features, click on the Help link at the very bottom of your profile page, then click the link under Protecting Account Security on the Help Center page.
  8. Stay informed. Links that help:

Originally published in The Progressive Orthodontist, Q1 2011