Security concerns with Facebook Marketplace?

Kaspersky Lab’s David Emm shares some security concerns he has about Facebook Marketplace.

Security concerns with Facebook Marketplace?

Earlier this week, Facebook introduced Marketplace, a service that helps users discover, buy, and sell items locally. Think of it as Facebook’s Groups (which permit the sale of items) meets Craigslist.

As the parents of relatively young children, my wife and I have used local yard sale groups on Facebook extensively to sell items the kids have outgrown as well as buy items that we really did not want to buy brand new. To us it was like mixing the value of eBay with the convenience of not having to wait for things to come in the mail — not to mention, no shipping charges.

If Marketplace improves or streamlines the process of buying and selling through those local groups, that sounds great. With that said, using Marketplace means buying something from a stranger online and meeting in person to exchange currency for goods. Marketplace is merely the forum for finding each other, as noted in Facebook’s press materials:

Decided that you want it? Send the seller a direct message from Marketplace to tell them you’re interested and make an offer. From that point on, you and the seller can work out the details in any way you choose. Facebook does not facilitate the payment or delivery of items in Marketplace.

Whenever I purchased or sold something through a Facebook group, setting up the meetings was the worst part. I often opted to pick up an item from someone’s doorstep or porch and leaving money in a mailbox rather than having a face-to-face interaction. Maybe I am paranoid, but those in-person interactions never sat well with me.

As a seller, using the honor system worried me some, but I was typically selling something we had considered outright throwing away, so the risk was worth the reward.

In looking into security aspect of Marketplace, I dropped a line to David Emm, a principal security researcher and member of Kaspersky Lab’s GReAT. He noted that, “the fact that it’s linked to a Facebook profile isn’t really a protection, since it’s possible to hijack accounts or create fake profiles. At the moment, Facebook is keeping out of the transaction — it’s a way of them trying to engage ‘customers.’ But in the future, if they commercialize it (ads), it’s possible that this might lead them to regulate transactions, including payments. People should exercise caution about meeting and making payments to strangers.”

It’s a bit early to say, but overall, Marketplace seems to be a positive addition to Facebook’s platform. Anyone can use it, and it can be an easy way to obtain or offload items while using a platform that is already a part of most Internet users’ daily lives.

However, with that said, a level of common sense really is critical. The following are three best practices for using Marketplace (or, for that matter, other person-to-person goods sites such as Upcycle, Craigslist, Freecycle).

Choose a safe meeting spot

It’s worth repeating: You are buying items from, or selling to, someone you do not know. When arranging for an exchange, try to pick a place that is public. If that is not possible, do your best to mitigate potential risks. For example, take a friend with you, or tell someone where you are going.

Emm added, “It also presents the risk of face-to-face meetings in local areas, which has the potential to be taken advantage of by criminals.”

So if you feel that you are entering a sketchy situation, just walk away. You can always tell the seller something came up and reschedule.

Do a gut check — is it legal? Legally obtained?

If you saw someone selling a 2017 Ferrari for $1,000, you would assume that car was stolen. The same can be said for a too-good-to-be-true $100 MacBook or $50 Rolex. If the deal sounds too good to be true, the item is most likely fake or stolen, and you should walk away.

Also think twice before buying something illegal, should it find its way into the Marketplace. For example, if you decide to peruse Marketplace looking for guns, narcotics or other illicit items, consider that as a public forum, Facebook Marketplace can be viewed by law enforcement officials.

Use common sense

Ultimately, perhaps the most important safety equipment you can bring to the Marketplace is your own common sense. Whether you are buying or selling, weigh the risk against the reward for each potential transaction. By bringing these sales into Facebook, you gain a measure of convenience but give up some of your privacy by putting out identifiable data.

Currently, Facebook Marketplace is brand spanking new. I for one am excited to see its evolution. Emm notes that he sees some type of regulation on the part of Facebook in the Marketplace’s future: “If I buy through the Amazon Marketplace, I’m offered the same protections as when I buy through Amazon, or another store — buyers and sellers don’t see each other’s details; the buyer doesn’t pay the seller directly; and if anything goes wrong, Amazon acts as guarantor. In the end, I think Facebook will be obliged to regulate the marketplace to one degree or another.”

Classified data and security

Fundamentally Kaspersky Private Security Network is the same cloud service Kaspersky Security Network, but we redesigned it to work strictly within the customer’s infrastructure. It therefore ensures the privacy of all data processed.

Tips