Menu Home

Don’t Be a Facebook Fraudster

(Image: Manishin.com.) Earlier this month, I used Facebook email to contact a colleague–let’s call her Vanessa–to talk about a private matter. Imagine my surprise when Vanessa’s boss emailed me back from her Facebook account!

Vanessa’s firm already had a Facebook fan page, and wanted employees like Vanessa who also had Facebook accounts (really, don’t we all at this point?) to be open to using their accounts to interface with the firm’s clients. As long as it’s voluntary, that doesn’t sound like an objectionable request, does it?

More objectionable but equally common, how about if your employer monitored your business email account to monitor the quality of your client communications? You probably wouldn’t (or don’t) like it, but it’s not against the rules, either.

Now…how about if your employer created a dummy Facebook account using your name expressly so that clients–and colleagues (like me)–would think they were emailing you but were actually emailing the firm? In effect, commandeering your personal identity on Facebook for commercial purposes?

That’s just what Vanessa’s employer did, and it violates Facebook’s Terms of Service. On Facebook, you’re expected to be who you say you are–in order for people who contact you to be guaranteed that they’re contacting, well, you. That’s important, because if I can’t be sure my intended Facebook email recipient is who they say they are, my right to privacy as another Facebook user is put in jeopardy.

On these grounds Vanessa’s employer violated my Facebook right to privacy: by assuming her identity; by reading my email; and by responding to it in detail. Her employer didn’t realize they were doing anything wrong–they told me (cue the collective ewww) they always read their employees’ email and anyone who writes an employee of the firm should expect that.

Skin-crawliness of that assertion aside, the error Vanessa’s firm made was in assuming that Facebook was an open system. It isn’t. Unlike generic email accounts from providers like Yahoo or Gmail which are available for almost any purpose, Facebook is a membership-based system specifically for personal use, which requires you to be who you say you are.

Facebook considers identity impersonation fraud. I let Vanessa’s employer know about account practices acceptable to Facebook TOS and went on my way. A short while later, her employer wrote me back. I filed the email away without reading it.

After all, it wasn’t Vanessa’s boss who I wanted to have a conversation with in the first place.

Categories: Blog & Social Media Tips

Tagged as:

Michael Thaddeus Doyle

I'm a NYC-native, Latino, Jew-by-choice, hardcore WDW fan in Chicago with an Irish last name. I believe in social justice, big cities, and public transit. I do nonprofit development. I've written this blog since 2005. Believe in the world you want to live in.

My Bio | My Conversion | My Family Reunion

Contact: mikedoyleblogger@gmail.com

7 replies

  1. Tony, I did. Then I reported the account to Facebook for fraud, after I realized the extent to which their self-interested actions had violated my privacy.

    Phil, you make a good point. In terms of the individual who employs “Vanessa”, however, I fear the problem is just laziness. I’ve known her employer previously, and was once told they didn’t have time to pay attention to blogs and websites and that they just didn’t trust them. Given that, my assumption is that this individual just didn’t bother to RTFM, as it were.

  2. Mike

    Good post and I share your outrage.

    You write below:

    Skin-crawliness of that assertion aside, the error Vanessa’s firm made was in assuming that Facebook was an open system. It isn’t. Unlike generic email accounts from providers like Yahoo or Gmail which are available for almost any purpose, Facebook is a membership-based system specifically for personal use, which requires you to be who you say you are.

    The membership aspect of FB is lost on many because, in my view, it’s free. People just don’t associate real membership with FB because they pay nothing.

    Perhaps a future “enhancement” will allow people to only friend verified users, much like what Twitter does. I for one would pay a small annual fee so people interacting with me really do know that it’s me.

  3. Wow, I hope you “dropped a dime” on them with FaceBook!

    Aside from being heavy-handed and creepy, this is a HUGE security risk.

    What if you were providing your credit card info to her (OK, so this is a bit far-fetched in a PayPal world, and you’d probably not trust FaceBook’s email for this anyway) for a Craigslist item or the like?

    Is this one of those situations where the company has insisted that its employees provide log-in/password info for all their social media accounts, or did the company set up accounts that it would control for the various employees?

    Definitely a company that “doesn’t get it” … it would be helpful knowing what company that is … I’d hate to end up sending them a resume!

    – B.T.

Leave a comment...