Have you seen any of the hundreds of Facebook ads that were promising big tax breaks if you installed new solar energy panels? The sketchy ads claim that with the new tax incentives, you can actually make money by installing solar tech on your home.
Spoiler alert: They’re all scams. Here’s the catch — to get the details, you’ll need to enter your address, email, utility information and phone number on linked websites that are known for data harvesting.
You know what that means, right? Sharing your information on these websites sets you up for more spam, malvertising, robocalls and future phishing attacks. Oh, and nope, the tax breaks don’t exist.
Don’t feel that bad if you’ve been duped. After all, the fake ads tried their best to look convincing by using photos of almost every U.S. governor (and even President Trump) to entice Facebook users to click through them.
Oh, and apparently, it took notices from state government officials to get Facebook to finally take them down.
Ads like these show how easy it is for scammers and malicious actors to use social media platforms for misinformation. It’s troubling to think that large tech companies like Facebook may not have enough resources to consistently filter questionable content and malicious ads.
According to ABC News, Facebook uses a combination of automated processes, employees and user feedback to review and police its ads. But as evidenced by these fake solar tech tax break ads, these methods may not be nearly enough to effectively monitor everything that passes through its site.
Why are fake ads like these so prevalent? Well, the more people they can lure, the more information they can harvest. This information can then be sold to marketing companies who are looking for a specific audience. Hmm, this business model sounds very familiar, doesn’t it?
Facebook drops login tool that asks new users for their email passwords
In other news, Facebook has finally dropped the controversial option that allows new users to verify their email accounts by providing their actual email account passwords. The backlash against this practice all started when security researcher e-sushi tweeted a screenshot of the login step earlier this week.
Apparently, new users who used email accounts that don’t support OAuth were presented with this verification option when signing up.
This practice was highly scrutinized because, you know, sharing your email account password with someone else is a big no-no from a cybersecurity perspective. There’s a reason why phishing attacks are typically disguised in the same way.
Note: OAuth is a widely used web security standard used by Amazon, Google, Twitter and Facebook to allow third-party services to access their content without providing their passwords.
However, we reached out to Facebook and they said that the passwords are not stored by the company nor is it a requirement for signing up. New users can also choose to confirm their account with a code sent to their phone or a link sent to their email.
“These passwords are not stored by Facebook,” a Facebook spokesperson told komando.com. “A very small group of people have the option of entering their email password to verify their account when they sign up for Facebook for the first time.”
But Facebook also admitted that “the password verification option isn’t the best way to go about this” so they will no longer offer it as a verification option.
Now the question is this – if this is the case, why did Facebook offer it in the first place?