Of the 1,600 Facebook related complaints that have been received by the Sri Lanka Computer Emergency Response Team (SL CERT) since the beginning of 2011, the majority of these incidents pertain to the opening of accounts, later reported as false, using the identity of mostly real life Sri Lankan females; according to Kanishka Yapa, Information Security Engineer at SL CERT, the Information and Communication Technology Agency-subsidiary that has been tasked with national cyber security protection. These fake accounts, once created, are later used to carry out various abusive activities.
Based on data from internetworldstats.com, Sri Lanka has close to 975,000 Facebook users as of June 2011. Also identified, it represents a 4.6% penetration level for the country's more than 21 million estimated population.
Additionally, Mr. Yapa also reveals that the next most visible threat are Facebook and electronic mail accounts being hacked, or being broken into, via their passwords being found out.
As such, he also indicates; "Facebook account is primarily attached to your e-mail account. Most people, without concerns about the security aspects, use the same password for both these accounts, also most use easily guessable passwords like their mobile number, birthdates, spouse's name, etc which leads to compromise of their accounts.
An user has to use all the security options available to properly secure their accounts, but on the other hand all these will be useless if you have the bad habit of sharing your password. We get numerous complaints of hacking of Facebook accounts, but in lot of these cases the victim has shared his/her password with others.
Your e-mail account security is equally important as your Facebook account security as both are combined to give you access to your Facebook account. This is why you need to strengthen your e-mail account security by providing alternate e-mail, mobile number, etc. to use in case of a hacking attempt."
For those unfortunate enough to be the victim of a fake account being opened in their name, or having their Facebook account or electronic mail account hacked, he suggests that they "directly report the issue to Facebook by using the Report/Block facility on each profile page. Even those who do not own a Facebook account [can] report fake accounts. Due to the sheer number of complaints SL CERT receives daily, it is advised to use the existing facility on Facebook to report harassment, inappropriate photos, hacked profiles, etc. as there is a dedicated team at Facebook to handle these incidents."
Commenting on pursuing the matter through legal means, Mr. Yapa notes: "Creating fake accounts and hacking are clear violations of the Facebook usage terms. This could be directly reported via Facebook to deactivate or remove the accounts." Further, in Sri Lanka; "If a Facebook account is hacked, it is a violation of the Computer Crimes Act of 2006."