Safeguard Your Facebook Experience

Monday, April 25th, 2011 at 3:24 PM by Jason Spencer   

Assuming you read last week’s post, I have to ask: Are you practicing safe Facebook? What? You only read about my experience and failed to take any action? Tsk, tsk.

Actually, I don’t blame you. Facebook doesn’t do a very good job of telling the world about their security features. Even the new ones seem to slip in under the radar. I figure it’s because they are beta testing them on the general public, or they are afraid of a backlash from the tech community wondering where these features have been the past few years.

Even when I encountered someone hacking into my account, when I finally resolved the matter, Facebook’s Risk Management department sent me an email with less to do about measures I can take within my Facebook account and more about things to do with outside apps. I already feel I take my security pretty seriously, so I dug deeper into a few of Facebook’s not-so-obvious security features.

Make use of secure browsing

I have to thank my friend Stacie Tamaki (The Flirty Blog) for being the first to point out the secure browsing (https) option that Facebook recently implemented. To flip the switch, you’ll need to click on Account then Account Settings. Don’t get frustrated by thinking it should be under Privacy; it’s just not there.

You should default to the Settings tab when the page loads, and then scroll down the list to Account Security and click on Change. The first option will be for Secure Browsing (https). You’ll want to check that box and click on the Save button.

Tracking devices and computers with access

This is also where you can track any device that logs into your Facebook account. It was this feature that helped prove I was not responsible for the fraudulent charges on my account. All you need to do is enable the Login Notifications by choosing to receive an email or text message (or both) whenever this happens.

Facebook Device Name

The nice thing is that since you name the device, you can keep a running log. Notice I went with a somewhat distinct naming scheme to help thwart attacks from unknown users. It will also log the IP, and report your location (based on the IP).

Drawbacks of secure browsing

Perhaps the reason Facebook hasn’t made secure browsing so obvious is that it somewhat ruins the experience. Take the American Express OPEN Big Break as an example. While the main Product Page is still secure, the tab item for the Big Break is not. As a result, you have to temporarily stop secure browsing:

Facebook Switch to http prompt

You’ll want to pay attention to that last line: You will have a secure connection upon your next login.

I didn’t quite catch this the first time. Since I am the only one that uses my laptop, I have my Firefox browser set to “remember” me on the login screen. That means that I’ve got to actually log out and log back in to resume secure browsing:

Facebook Not Secure

Another concern if you are using the notifications to track device login – this can get tedious if you use a lot of computers or devices. Certain applications that you grant access are also considered devices (for instance, I use Rapportive for Gmail, and received a text upon authorization). I actually think this is a good thing, but if you are not on some kind of unlimited texting plan, you should be careful how you set this up.

Other considerations

The native app that you use on iPhone is going to only secure your password. That means your username, any chats, wall posts, info requests and more will be open to that guy on the other side of Starbucks who has hacked the WiFi signal.

The touch.facebook.com site for mobile browsers is actually worse, not even running over a secure connection.

To help avoid fraudulent charges, remove any stored payment methods unless you absolutely need them. I had one from a recent Facebook Ads campaign, and that’s what got me in trouble (they are also used for Facebook Credits). You can check yours by going to Account Settings and then the Payments tab. Then look for Payment Methods and click on Manage. You will need to re-enter your password to view this.

If you are incredibly paranoid, I’d recommend going through all those apps you didn’t realize you authorized. If someone hacked into them, they could gain access to all sorts of data stored in your Info tab. To block or remove these, venture to the Privacy Settings and then scroll down to Apps and Websites and click Edit Your Settings. When the screen reloads, click the first Edit Settings button for Apps You Use.

Plan to be on this screen for a while.

Final thoughts

As I’ve stated in the past, Facebook is a great service and I think that it will continue to shape the future of how we communicate both online and off. That doesn’t mean that they didn’t grow up too fast in a recent boom of users and have trouble understanding the best way to secure their users. It seems that they have made attempts at becoming more secure, but they are failing to notify the public of these changes.

Perhaps they would be better off just using a secure connection whenever possible?

Are You Practicing Safe Facebook?

Wednesday, April 20th, 2011 at 3:33 PM by Jason Spencer   

About two weeks ago my Facebook account was hacked. Before I go any further, I should state upfront that I am not of the mentality that “Facebook is out to get me.” In fact, I think Facebook has done a decent job of trying to be a viable service and business, while remaining one of the strongest social media tools out there. Unfortunately, Facebook still seems to lack in two places: Customer Service and Security Awareness.

What happened the first time?

My wife and I were having a late breakfast at Specialty’s Café & Bakery in Santa Clara when someone accessed my Facebook account. I probably wouldn’t have recognized it right away, but I received two emails. The first was for a Facebook Credits purchase in the amount of $81.10. Those credits were then turned around and used to purchase in-game content for Zynga Texas Hold’em Poker. I received a second email from Zynga that welcomed me to the game.

At first I thought that the FB Credits email was a hoax, but the second email from Zynga set off my internal alarms. I raced back home to access my laptop and get to the bottom of things.

Nobody cares

After twenty minutes of digging through support options, I contacted both Zynga and Facebook support. The first response came within 90 minutes from Zynga Customer Support. Apparently not concerned that someone is illegally using my account to access their servers, I am told that because the purchase happened with Facebook, that there is nothing they can do for me. I had hoped they could help me block the account (I don’t use any of their games anyway). No dice.

I had to wait almost a full 24 hours for a response from Facebook Credits Support Center.  My original message to them read:

I did not authorize this charge, but I received an email this morning prompting me to check my account. I do not currently have a credit card on file (according to FB Credits) so I’m not sure how this card was used to purchase anything. I do have a card ending in the same four digits, but it is not yet showing with my credit card company (less than 90 minutes since the purchase).

Expecting that I might get help with a fraud claim, or even help researching who might have accessed the account, I was instead given a response from “Clive” that read:

You can view your recent Facebook Credit transactions on the Payments tab of the Account Settings menu. From here you can see all Facebook Credits purchased and view detailed receipts showing items you have purchased with the credits in the last 30 days. To view your recent transactions follow these steps…

The remainder of the email was the four steps to viewing my purchase history. That means I just got the canned response to something I didn’t even ask. I had already been to the purchase history. I know because that’s where I clicked the “View Receipt” link that then allowed me to dispute the charge in the first place.

Example of the Facebook Recent Purchases screen

Adding insult to injury

I felt Facebook’s initial response was dismissive of the situation, so I had a snarky reply:

You didn’t answer one word of my original question. What part of “I did not authorize this charge” did you not read?  If you cannot help me with a fraud report, who can?

“Clive” responded to me about an hour later:

We have investigated the matter, and it does not appear to be a case of fraud, but rather a case of a family member or friend accessing this account and making these charges as there does not appear to be any irregular login patterns indicating a compromised account.

What? That’s it? Because Facebook can’t find “irregular login patterns” my account hasn’t been compromised?

The message actually continues to state that “because this unauthorized charge was made by someone in your household or by someone who is known to you, [Facebook] cannot issue a refund per our terms of purchase.”

After a few more messages back and forth, I was told that if I “dispute these charges with your credit card company or bank, the account that made these charges may become limited and will lose certain functionality.” They insisted that I knew the individual that made these charges, and as a result this was not fraud.

The waiting game begins

Feeling that I was shrugged off as a liar, and that fraud or security was not an issue Facebook wanted to deal with, I turned to the local media.  Although I contacted several news outlets, only one decided this issue was worth investigating further. KPIX-TV in San Francisco (CBS5) contacted me, and we have been going back and forth since.

My last message with “Clive” was on April 12th. I’m guessing that my threat to get the Santa Clara Sheriff’s Department involved just silenced the conversation. But then something new happened six days later.

A second compromise

In those six days, I had discovered some new security features of Facebook. These are things that everyone should know, and I’ll make another step-by-step post of securing your Facebook presence in the near future. With the ability to now be notified when someone accesses the account, I received a text message and email at 3:30 the morning of April 18th. This message gave me the IP address (probably spoofed) and location of the login: Chicago.

The key (for me) was that you also have to name the machine logging in. I had uniquely formatted my other logins so that I could easily spot someone that randomly jumps into my account. It was quite obvious that I did not log in this time.

I quickly locked the account via a link in the email. I also had my wife view my profile to see if any strange activity was on my wall. Sure enough, they had “Liked” the Zynga Poker page. Similar activity to similar apps. This person also changed my password, I assume to try and lock me out. For what it’s worth, Facebook does have an easy way to lock your account, then steps to verify that it is *you* trying to reset the account. The downside is that you will reset your password twice during this process, and you are not allowed to reuse your old passwords.

Well this apparently was a big step in getting my money back. I forwarded the email to “Clive” who did not reply to me.  But apparently, “Lloyd” in Risk Management had enough to reach out:

We have investigated your account and believe it has been compromised. All purchases made while the account was compromised have been refunded to the appropriate source.

Victory is mine!

Yippie! Victory!! Right? Wrong. This means that they had enough to agree with me that I did not make this charge, and did refund my money. However, they still didn’t seem to address who was logging into my account. Even after changing my password (several times actually) and enabling additional security features, someone still managed to gain access to my account.

This means that I have to continue living in fear. I run a small business. I have what’s known as a Facebook page, essentially a storefront on the Facebook platform. You know those little rectangle ads that you ignore on the sidebar? I can get one of those. To do so, I need to have a credit card on file.

That’s right – The same Facebook Credits system that someone hacked into and charged up on my credit card is the same system used for business transactions. That’s how I was compromised in the first place. Two years ago, I added a credit card (before the FB Credits system existed) to pay for a short run advertising of the Bay Area Groom’s Workshop.

I would love to use ads again. Facebook has one of the most powerful targeted advertising systems out there, but if I can’t feel secure in leaving a credit card on file, what am I to do? Even if I purchase a Facebook Credits gift card, it will only limit the damage. Facebook’s payment terms already state that “When you provide a payment source to us, you confirm that you are permitted to use that payment source. You also authorize us to collect and store it, along with other related transaction information.”

How do I know that they won’t just pawn illegal activity off on a family member or someone else that I know again?

What is your experience with Facebook Credits?

Are you using Facebook Credits for anything? Running a business? Using them to enhance your in-app experience? I would love to hear about it. I still have my interview with CBS coming up, and I’m curious if others have had real issues with Facebook’s security.

As mentioned earlier, I’ll be putting together an additional post that provides step-by-step procedures for securing your Facebook account.  These are things that I didn’t know about until I was compromised, but because I had enabled them, the second time I was able to put the brakes on it before anything bad happened.  Be sure to subscribe to my blog to keep in the loop when I have that post complete.

Facebook Dodges The Security Issue

Tuesday, April 19th, 2011 at 8:23 AM by Jason Spencer   

I was recently the victim of not only a hacked Facebook account, but also fraud with a credit card that was stored on file. It took some time to rectify the situation, and I’m still not sure that I am in the clear for storing my card again. What amazes me is how Facebook responded with “guidelines” to keeping my account secure.

Don’t get me wrong, these are all good practices, but Facebook seems to be pointing the finger at everyone but themselves:

*** The text below is from an email sent by Facebook’s Risk Department on 18-Apr-2011 ***

1. Secure Email: Since anyone who can read your email can probably also access your Facebook account, you should make sure that any email addresses associated with your account are secure. To ensure security, you should change the password for all of your email accounts and make sure that no two are the same. By varying your passwords, you can greatly decrease your account’s risk of being compromised in the future.

2. Log in at Facebook.com: Accidentally entering your login credentials on a fake Facebook login page can put your account security at risk. Make sure that when you access the site, you always log in from a legitimate Facebook page with the facebook.com domain. Do not click any unfamiliar links and do not run any executable files (files ending in .exe) on your computer without knowing what they are. If something looks or feels suspicious, go directly to www.facebook.com to log in. You should also be suspicious of any messages sent to you purporting to be from Facebook or an application developer asking you to login to claim a prize or validate your account.

3. Password Protection: Please do not give out your login information to anyone for any reason. You should select a unique and complex password for your account and keep this entirely to yourself. Be sure that you use a complex string of numbers, letters, and punctuation marks that is at least six characters in length. It should also be different from other passwords you use elsewhere on the internet.

4. Private Browsing: Please make sure that you log out of your Facebook account and quit your browser when you’re done using the site. This is especially important when using a public computer or someone else’s mobile device. You should also never check the “Remember Me” box when logging in from a public computer, as this will keep you logged in even after you close your browser window.

5. Security Question: If you have not done so already, you should add a security question to your account from the Account Settings page. You should choose a question and answer that you will remember, and no one else should be able to answer the question that you choose.

6. Run Anti-Virus Software: If your computer has been infected with a virus or with malware, you will need to run anti-virus software to remove these harmful programs and keep your information secure.
For Microsoft
http://www.microsoft.com/protect/viruses/xp/av.mspx
http://www.microsoft.com/protect/computer/viruses/default.mspx

For Apple
http://support.apple.com/kb/HT1222

7. Learn More: You should visit the following page for more information about Facebook security and how to report suspicious material in the future: http://www.facebook.com/security

Mobile Beat Las Vegas 2011 – Part Two

Thursday, March 3rd, 2011 at 12:00 PM by Jason Spencer   

This is the next installment of my recap from the Mobile Beat Show & Conference in Las Vegas. In the last post, I covered the pre-show dinner and presentations by Mark Ferrell (You Only Get One Song) and Mitch Taylor (Ace of Sales).  I’ve got three more for you today.

I’ve still only scratched the surface with these. Why? Because while not everyone fully understands what it takes to be a professional entertainer, especially in the wedding industry, I can’t give away everything to [entertainers] not willing to invest in themselves, their company, and even their own clients.

Wednesday, February 2, 2011

Larry Williams | B-Sides

We are, after all, entertainers. The music we play started in a time of the 45 RPM record. As Larry Williams pointed out, the B-Side of a single was a track designed to show the diversity of an artist. It showcased not only what you needed (the mainstream song), but what could also be achieved (the creativity of the artist).

“The status quo isn’t working,” said Williams.

Are you noticing a theme? Larry further painted this picture by showing us some video footage. This wasn’t any footage, it was from a recent bridal show where Larry attended as an interviewer. He asked couples about their perception of the wedding DJ. It didn’t take long for us to see that the “status quo” to many brides comes across as “cheesy” and “loud” and “obnoxious”.

Larry encouraged all of us to unveil our own B-Sides, the services we offer that are unique. I agree.

Randy Bartlett | Behind The Scenes

If there is one thing that often goes unseen by our clients and their friends and family, it’s the inner workings of an event. Randy Bartlett reminds us that, on that special day, this is a good thing. At one point of Bartlett’s presentation, he asked us to compare a Broadway Production to a High School Play.

“It’s not about [the DJ’s] experience. It’s about the bride and groom’s experience.”

As the title suggests, behind the scenes is where we work our real magic. Most of what we do is and should be behind the scenes. We are prepping the best man for his toast, we are informing the photographer of the first dance timing. The ultimate goal is for us to create incredible experiences for our clients.

Sometimes we try so hard to educate our clients of the fact, one that Bartlett reminds us — being Master of Ceremonies is more than making announcements and playing music. It’s a real job.

Wedding Entertainment Directors (W.E.D.) Guild | Open House

If you ever wondered what the highest level of achievement the professional wedding entertainer can attain is, that would be Wedding Entertainment Director. Okay, perhaps that’s not true. I know many guys going around and making a great living as MC and DJ in their market. I also know some of the brightest, most creative, and most inspiring individuals in the industry, and darn near all of them are Wedding Entertainment Directors. Why?

Well, several years ago, a disc jockey by the name of Peter Merry spoke at Mobile Beat. See, Peter had written a book and decided to turn the industry upside down. Everyone was astounded at this book – perhaps mostly because it wasn’t intended for DJs, but rather for brides and grooms looking to get out of the average run-of-the-mill wedding reception. What really shocked everyone, though, was when Merry told everyone at the end of his presentation that he was no longer a disc jockey. Starting that day, he was a Wedding Entertainment Director. [CUE: Standing Ovation]

Wait…what? How do I become one of those? Well, if you’d like, you can read the full three page application requirements, but in short it requires a bit of heavy lifting. And they take this seriously. First, you have to become buddy-buddy with one of the current twenty-two (yes, that’s the current world-wide member count) for a sponsor letter. Fortunately, I know most of them, and even took training from Peter with about a half-dozen of them two years ago. That is one item I can check off the list.

Now on with the other twenty-four requirements. These range from verification documentation (you must be in business for at least five years), reference letters from past clients and other wedding professionals, proof of liability insurance, samples of personalization and creative situations we have created, samples of our event direction (see Behind The Scenes with Randy Bartlett), and several videos that display our live performance and spokesperson qualities.

Then the hard stuff begins. We have to pass a 3/4 vote from the Advisory Board. Once that happens, we are grilled by the four person board via a 30-minute phone interview. Assuming they are still satisfied, another vote is taken and if you pass, you’re in. Yes, there are some fees to go with this, but anyone is welcome to apply.

My friend and current W.E.D. Guild member, Mitch Taylor, said that he set out to become a member within one year’s time, and succeeded. I know that I have what it takes, just not all the assets. I’ll be taking the next few months to acquire or record video, and complete all other requirements. My personal goal is to have my application in by the end of summer, and no later than this time next year I hope to make the announcement that I am officially a Wedding Entertainment Director.

The open house concluded with a full presentation of Peter Merry’s “Make It Fun” seminar. I was surprised at the small number of entertainers in attendance for both the open house and “Make It Fun” – but that just means that fewer individuals have that knowledge or desire to become better. For this reason, I have decided not to post a short review here. More power to me in my own market.  😀

Thursday, February 3, 2011

Mitch Taylor | Creative Consultations

The final presentation that I officially attended at MBLV this year was by my good friend Mitch Taylor. Let’s face it, sales will always play a part of this business. I can’t just show up at a wedding, play, and expect to be paid at the end of the night. Despite the need for negotiations, who said that it had to be stuffy and all business?

Mitch reminded the audience that we – as sales people – need to start in the morning with an “Attitude Affirmation.” He told us what the six questions were to ask before each initial consultation, and then six steps to break out of the boring, stuffy meetings. After all, we are DJs – this is supposed to be fun!

That’s it!

With so much to do at Mobile Beat, there was too much information to squeeze into just two posts. Perhaps down the road I’ll recap some of the parties and entertainment that kept everyone going long into the night, and groggy the next morning. Keep in the loop by subscribing to my blog now!

• Did you miss the first post? Read Part One now!

Mobile Beat Las Vegas 2011 – Part One

Monday, February 28th, 2011 at 3:54 PM by Jason Spencer   

Something magical happens every February in Las Vegas, Nevada. Professional DJs from all over the world descend upon the Mobile Beat Show & Conference, a three four-day adventure of both performance and business education, networking, equipment expo, trends, organization meetings, and parties. I am almost always inspired by several speakers or events that happen at the conference, and this year was a no holds barred situation.

Because not everyone fully understands what it takes to be a professional entertainer, especially in the wedding industry, I thought I would recap some of the highlights from my week. This certainly isn’t everything, but only because I can’t give away everything to those not willing to invest in themselves, their company, and even their own clients.

There was a lot going for MBLV this year, which is why I’ve also chosen to break this up into two posts. If you are concerned you might miss out on the remaining stories, I encourage you to bookmark or subscribe to my blog now.

Monday, January 31, 2011

Buca Di Beppo Annual Dinner

This is a tradition that dates back a number of years, but surprisingly only my second year attending. It’s a bit of a “super secret invite” situation where we pack the banquet room in the back corner of Buca Di Beppo for some shenanigans, great family-style food, and perhaps the best unofficial networking event of the whole trip. Some of these people I’ve never met, or only met via Facebook connections. It’s great to sit at a table with possible strangers and see how things work in their market, who inspires them, and how they ended up at the dinner. Perhaps one of my favorite parts, at the very beginning we are serenaded by one of our own, Jim Cerone, usually by a crooner classic. This year was no exception.

Tuesday, February 1, 2011

Mitch Taylor | Ace of Sales

This wasn’t really in the full schedule, but actually a “bonus” presentation as part of the DJ Event Planner room. Mitch is a great friend of mine that I first met a few years ago at Mobile Beat. He has begun an intense relationship with author, professional speaker, and business trainer, Jeffrey Gitomer. A new service, Ace of Sales, is designed for smaller businesses (like those in the wedding industry) to connect with their clients on a one-to-one level through electronic communication. Too often, other email marketing tools are designed to blast spam out to their lists. Ace of Sales takes a different approach, offering tools to fine tune the content and make it customized to the individual recipient. We are not shooting fish in a barrel, we are generating a connection with our brides and grooms.

While I have not committed to the Ace of Sales system, it is very new (just a few months live) and shows great potential. I look forward to picking the brain of Mitch as time goes by and seeing how much closer his clients are as a result of using this communication system.

Mark Ferrell | You Only Get One Song

This was the #1 reason I attended Mobile Beat. As you will see in this series of posts, there are many great speakers and reasons to attend. However, Mark Ferrell is one of the most awe-inspiring presenters you will encounter. He and his wife Rebecca are known for their MarBecca Workshops, which educate the determined entertainers on topics such as Master of Ceremonies and Presentation of the Love Story. Looking through my chicken scratch, I took 3x more notes during his presentation than anyone else this year.

It didn’t take long for Mark to connect with everyone in that room, and he only needed one word to do that: TALENT. He reminded us that we all do the same things, and that it’s “how” you do those things that differentiates you from the masses.

“‘DJ Good’ is no longer good enough,” said Ferrell.

He reminded me why I’ve been in this industry for sixteen years. It’s no longer a gig. It’s not just another contract. I love what I do, and my clients are the reason I care so much about what I do. This is not a superficial relationship. It is one reason I will insist on meeting with my clients before even discussing the booking agreement. It is a passion.  It is my passion.

Does that make me unique in my market? Perhaps. Think about the other vendors you meet. Consider the discussion you had with them. Were they getting to know you, your needs, and your expectations – or were they just trying to put another date on their calendar? This applies whether you are a client or another vendor.

In case you are curious, all of that came from page one of the notes.  I’ve got three more that I do not intend to share with the world.  🙂

Two more days of chaos are coming!

You’ve just read about the first two days at Mobile Beat Las Vegas.  There are still two more to come, so be sure to check back later this week for the next installment, where I’ll talk about Larry Williams, Randy Bartlett and the Wedding Entertainment Directors Guild.
