Graham Cluley at Naked Security:
“Over the last few weeks we have been contacted by a number of members of the Sophos Facebook page, concerned by a message they saw on Facebook, warning them that their account protection was “very low”.
Your account protection status: Very low
Increase protectionWith fake anti-virus (also known as scareware) attacks becoming an ever-growing problem (they attempt to trick you into believing your computer has a security problem when it doesn’t), some security-conscious Facebook users might worry that this is a similarly-styled assault, designed to scare you into taking perhaps unwise actions.
Certainly the warning message gives you the impression that there’s something seriously wrong with how you have defended your Facebook account. I must admit I was surprised to see the message appear on my own Facebook account as I have been quite fastidious in my security settings on the social network, following Sophos’s guidelines for better privacy on Facebook.
So, I was curious to find out just why Facebook believed that my account protection status was “very low”, and what they thought I should do to fix that.
If you do click on the link, the first thing you are asked to do is enter an additional email address. Facebook’s thinking is that if you lose control of the, say, Hotmail or Gmail account that you normally log into the site with, you’ll be able to regain access to your Facebook account by giving them an alternative email address. They could then use this, for instance, to communicate with you.
That’s reasonable enough, of course, if you feel comfortable giving Facebook another email address for yourself. And there is a genuine problem of users having the same password on their Facebook and email accounts – meaning that you could potentially lose control of both at the same time, making comandeering back control of your Facebook presence tricky.
But, there’s no indication of what else Facebook might do with this alternative email address of yours. Not only would you be right to be concerned about whether you are increasing the potential for data loss by sharing alternative email addresses with online companies, but is it possible that Facebook might also use this secondary email address to further interconnect you with possible contacts? There is, after all, no indication on the page that they are not going to use your secondary email address in any other way.”
