The Latest in IT Security

How a friend’s hacked Facebook Account can compromise your privacy and security

26 Nov 2011

I had an ironic situation occur this past week. A close family member had their Facebook account hacked. Despite all of my warnings and admonitions, this young person I hold dear fell victim to a Facebook scammer.

My wife called and asked me why they had changed their name on Facebook. This immediately sent off warning bells in my mind, so I hopped on Facebook and visited the profile. Sure enough, the account name had been changed and the profile pic had been replaced with that of a trashy looking tramp.

I contacted my relative and told them about the situation. Unfortunately, their email had also been hacked. They reported the incident to Facebook and created a new Facebook profile. They also sent a shout out to all of their friends advising them that their account had been hacked – a pretty common occurrence in this situation.

There are a couple of problems here:

  1. It is nice they created a new account and advised people that their account had been hacked. Unfortunately, only the friends who re-friend them on this account will see it. Her 1300 plus other friends are clueless about the incident, and unless they notice the strange name, they are at risk. If they also have a huge number of friends, then what are the chances they will notice a name change on one account?
  2. Facebook can be very slow at taking action on fake profiles. This incident was reported on Wednesday morning and the bogus profile is still active.

The hacker not only has complete access to the Facebook information of my relative, but they can also access a large volume of data on the people she is friends with. Even the most privacy conscious individuals with everything set to ‘Friends Only’ are now exposed and at risk. Think of all the information they can collect and the damage they can do in just a short period of time. Here are just a few ways they can exploit the friends of the newly acquired account:

  1. Data mine for mobile phone numbers on account profiles
  2. Collect personal and private information to be used for phishing attempts, identity theft or to make the ‘Grandma Scam’ more believable
  3. Use photos and data obtained to create other fake profiles
  4. Install rogue Facebook applications and send spam and scam links to all of the friends on the account
  5. Monitor status updates of friends to know where they are and when they are not at home.

These are just a few things I came up with in brainstorming for five minutes or so. I’m sure there are countless other things a professional cyber criminal could devise.

Another scam that is very common at the moment is the bogus Facebook Security phishing scheme. We have warned on this one several times in the past. Basically, the person receives a message from someone pretending to be Facebook Security. Often, the account sending the message has also been hacked by scammers. The profile picture is changed to that of the real Facebook Security and the name is changed to “Facebook Security” spelled with funky, non-traditional characters. Not only does this make the scam appear more legit, but these scammers have the access mentioned above to all of the ‘friends’ of the offending account.
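One way to automate spotting both signals described above, a changed account name and a “Facebook Security” name built from lookalike characters, as an added example that is not part of the original post. It assumes you have two snapshots of your friends list as `{account_id: display_name}` dictionaries (a hypothetical format), and the lookalike map is a small constructed sample rather than the full Unicode confusables data.

```python
import unicodedata

# Small constructed lookalike map for this example; a production check would
# load the full Unicode confusables data (UTS #39) instead.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0441": "c", "\u0440": "p",  # Cyrillic
    "\u0455": "s", "\u0456": "i", "\u043a": "k", "\u03bf": "o", "\u03b1": "a",  # Cyrillic, Greek
    "0": "o", "1": "l", "3": "e", "5": "s", "$": "s", "@": "a",  # digit/symbol swaps
}
PROTECTED = ["Facebook Security"]  # names no ordinary friend account should carry


def skeleton(name):
    """Reduce a display name to a lowercase skeleton for comparison."""
    # NFKD folds fullwidth/mathematical letters to their base letter and
    # splits accented letters into base letter + combining mark.
    decomposed = unicodedata.normalize("NFKD", name)
    out = []
    for ch in decomposed:
        if unicodedata.combining(ch):
            continue  # drop accents and stacked marks
        ch = CONFUSABLES.get(ch.lower(), ch.lower())
        if ch.isalnum():
            out.append(ch)  # spaces, dots and invisible separators are ignored
    return "".join(out)


def review_friends(before, after):
    """Compare two {account_id: display_name} snapshots and list findings."""
    protected = {skeleton(p): p for p in PROTECTED}
    findings = []
    for account_id, name in after.items():
        old = before.get(account_id)
        if old is not None and old != name:
            findings.append((account_id, "name-changed", old))
        match = protected.get(skeleton(name))
        if match:
            findings.append((account_id, "impersonates", match))
    return findings


if __name__ == "__main__":
    # Constructed sample snapshots (account ids and names are made up).
    before = {"1001": "Jane Example", "1002": "Sam Sample"}
    after = {"1001": "F\u0430ceb\u043e\u043ek \u0405ecurity", "1002": "Sam Sample"}
    for finding in review_friends(before, after):
        print(finding)
```

Any account reported as both `name-changed` and `impersonates` matches the hijacked-account pattern in the post and is a candidate for the block, notify and report steps.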

Pay careful attention to everyone on your friends list. If you see any name changes or other suspicious activity, immediately perform the following actions to protect your personal information:

  1. Block or Unfriend the person sending the messages or that has had their name changed.
  2. Notify them of the situation, so they can take action to reclaim their account and mitigate the damage.
  3. Report the Fake Profile to Facebook – Do this by navigating to the offending profile, and clicking on the Down Triangle in the top right corner:

[Screenshot: report_fake_profile]

On Facebook, your privacy is only as secure as your weakest friend.
