
Facebook says there's a security problem and wants my driver's license -?


17 replies to this topic

#1 Arrby

Arrby

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Toronto, Canada
  • Local time:04:36 AM

Posted 19 September 2015 - 08:58 AM

Hello. I might have a problem. I've been on Facebook a few days now. I only joined so that I could post comments on HuffPost Canada. I hate Facebook and won't be using it for anything else. Anyway, I work on a laptop (Windows 7) at home and when I go to work I work on my other laptop, also on Windows 7, home professional I think it is. Early this morning, after posting to HuffPost successfully (via my Facebook log in), I was suddenly met with a notice that there was a security issue that I had to resolve by going to Facebook.com, which I did. I entered the captcha I was presented with and then was told that I had to send Facebook my photo ID, not including my Facebook profile image (don't have one). The msg said driver's license or similar official ID would be acceptable. That's incredible to me. Is that possible? Is it something that Facebook might do?

 

The first message (using PicPick and uploaded to Box.com): https://app.box.com/s/ukz3h11f5q7ijh84ufub7l4zrhsplbq8

 

which led to: https://app.box.com/s/4nji7ernyxojfrxc9pqdv6v39qujwa2g

 

Thanks in advance!




 


#2 Leurgy

Leurgy

    Voted most likely


  • Members
  • 3,831 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:03:36 AM

Posted 19 September 2015 - 09:19 AM

I don't use Facebook either but obviously you don't want to submit the ID that they are looking for. I'm not sure if this is a phishing attempt or not.

 

You don't need a Facebook account to comment on huffingtonpost, it just makes it easier for those that do already have one. If you go to huffingtonpost.ca and look at the top right corner you can create an account directly with the website.


When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslow

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#3 ranchhand_

ranchhand_

  • Members
  • 1,706 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest
  • Local time:02:36 AM

Posted 19 September 2015 - 09:26 AM

This is scamware.... for goodness sake get out of there. No legitimate website will ask you for your DL! Then go immediately to the Malware section of this forum and explain what happened. Follow their directions to make sure you don't have a backdoor trojan or root kit on your HDD. Do this immediately.


Help Requests: If there is no reply after 3 days I remove the thread from my answer list. For further help PM me.


#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:36 AM

Posted 19 September 2015 - 09:26 AM

The URL in the first screenshot looks legitimate to me since it really is Facebook.com. Also, you're not the first one asking that kind of question and Facebook might indeed ask for such a thing. Directly from their website:

https://www.facebook.com/help/182439941814828
https://www.facebook.com/help/159096464162185

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,726 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:36 AM

Posted 19 September 2015 - 04:38 PM

If they do ask...it's a poor business practice and not one I would reply to with that kind of info.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#6 frankp316

frankp316

  • Members
  • 2,677 posts
  • OFFLINE
  •  
  • Local time:03:36 AM

Posted 19 September 2015 - 05:44 PM

Though Facebook is very popular, this is a good example of why I stay away from it. Facebook is run by morons who don't understand that they can't ask for these kinds of details from users. It's intrusive and probably illegal.



#7 Leurgy

Leurgy

    Voted most likely


  • Members
  • 3,831 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:03:36 AM

Posted 19 September 2015 - 06:33 PM

Facebook is a "must have" for so many people they can get away with this type of thing. With a billion users they know they can ask what they want.

 

To be fair, it does prevent people impersonating others but it's not something I care to provide to use a website. And LEA can be sure you are who you say you are when they build your file. Eventually they'll link all your info from the cradle to the grave, from your birth certificate to your death certificate and everything in between.


When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslow

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,726 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:36 AM

Posted 19 September 2015 - 06:47 PM

Facebook is Willingly in Bed With the NSA
How Facebook Secretly Aids Government Searches
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#9 packetanalyzer

packetanalyzer

  • Members
  • 954 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:36 AM

Posted 19 September 2015 - 06:48 PM

I believe Aura is correct. I have read Facebook's security policies in the past and the links Aura posted were edited by Facebook two months ago. Typically this occurs if you lose access to your account (if your account is compromised) so you can prove ownership of your account. Facebook's policies also require that you use your legal name on your account and only have one Facebook account [1, 2]. An article from The Guardian about this is available here.


Edited by packetanalyzer, 19 September 2015 - 06:48 PM.


#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:36 AM

Posted 19 September 2015 - 06:53 PM

This happened following a lot of identity theft situations on Facebook I think, so now they're taking precautionary measures. You don't even have to be on Facebook to be a victim of identity theft, anyone can steal your identity there and you wouldn't even notice it. This is one "doubtious" security measure I agree, but in the end, it might help prevent your identity from being stolen in the future. I think this new concept only applies to new accounts however. Those who created one in the first few years of Facebook weren't/aren't affected by this. I never was.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 ranchhand_

ranchhand_

  • Members
  • 1,706 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest
  • Local time:02:36 AM

Posted 19 September 2015 - 07:03 PM

Anyone who does something so stupid as to post his extremely private data on a corporate database that is actively being sought by identity thieves has nothing to cry about when the hammer falls on his head. Facebook used to be a fad. When did it suddenly become a necessity? Are we kidding ourselves? How many people have their resumes rejected by some corporate snoop who finds them on Facebook and doesn't like what he sees?

Good grief.


Help Requests: If there is no reply after 3 days I remove the thread from my answer list. For further help PM me.


#12 Arrby

Arrby
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Toronto, Canada
  • Local time:04:36 AM

Posted 19 September 2015 - 07:11 PM

Thanks for the replies folks. I work nights so I was not able to deal with your advice until now. Indeed, Facebook, like the other tax evading behemoths, do lots of evil. At least Google had the good graces to drop the 'Do no evil'. Here's Google, partnering with Canada's Globe And Mail to host a leaders' debate about the economy. A company that boasts about its tax evasion and a rightwing daily that refuses to allow one Party leader (who sits in Parliament) into the debate, hosting a leaders' debate.

 

I will ask, as advised, BC's experts about this problem. If there's the option on HuffPost to sign up, it sure did a good job of evading me. Trust me, I REALLY didn't want to use Facebook. And I won't be handing over my driver's license even if this isn't a phishing scam. I agree; that's just not right. I have NEVER been asked to do that for any other site. Now, if I believed in Facebook and Zuckerberg, and I thought that the site was worth the trouble, perhaps.

 

I just examined one of the sites that Aura, above, provides links to. Here's what I see:

 

** In most cases, the easiest way to confirm your identity is to follow the on-screen steps to enter your mobile phone number and request a code. If you can't confirm your identity using your mobile number, you'll need to provide a copy of your photo ID. This can be a scanned copy or a close-up photo you've taken. **

 

It didn't look to me like I was being given all those options, but maybe I lost my focus once I saw the part about sending in my driver's license. Should I check again? I will, but I will not be sending in my driver's license. A phone method I'll go for.

 

I see that there have been other replies while I've been typing here. I will see what they say before proceeding.



#13 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:36 AM

Posted 19 September 2015 - 07:13 PM

I would check again if I were you, but maybe that option wasn't offered to you because you didn't enable SMS verification or security in your Facebook account. It needs to be enabled, otherwise anyone could get a verification SMS sent to their phone number and access your account that way.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#14 packetanalyzer

packetanalyzer

  • Members
  • 954 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:36 AM

Posted 19 September 2015 - 07:16 PM

I understand the reason they are doing it. If we give them the benefit of the doubt there are some very real reasons to have users prove they own the account they want to access. The use of single sign on using Facebook across the web expands the access a malicious person potentially has just by compromising a user's Facebook account.

 

On the other hand, yes any database that contains a vast amount of personal information is of potential interest to the same identity thieves this security measure is meant to protect from. It is a choice every user must make if they are faced with not using Facebook or providing legal identification.

 

Short of a national Internet identification mechanism (smart card?, biometric information?) uploading photo identification might just be the best solution to prove someone owns an account at this time. There are many ethical and legal considerations with this but I think we are beginning to see the future problems of proving your identity online.

 

I looked and there is a link as earlier stated in the top right corner of the HuffPost.ca website that says "Create Account". It appears you can create an account with an email address. So if you want to create an account using that process and deleting your Facebook account perhaps that is a better solution for you.


Edited by packetanalyzer, 19 September 2015 - 07:19 PM.


#15 Arrby

Arrby
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Toronto, Canada
  • Local time:04:36 AM

Posted 19 September 2015 - 07:54 PM

Packetanalyzer: Agreed. But I'm sure I've tried that before, because, as I noted, I strenuously avoided Fluffbook.

 

Aura: I can't do anything now about security settings in my Facebook account. :-(  I can't get into it.

 

Eli Pariser's book, "The Filter Bubble" is very interesting. Folks here would like it.





