ALAN ZISMAN ON
TECHNOLOGY
Sometimes, your Facebook account may really be hacked. A true story
By Alan Zisman ©2024-12-14
I see a regular stream of posts in my Facebook newsfeed from people I know warning their Facebook friends that their accounts 'have been hacked' and to ignore any friend requests apparently from them.
As I've written before, their Facebook accounts haven't been 'hacked' - instead, they've been 'cloned'. I'm not just nit-picking - in this case, words matter. If their account had been hacked, someone would have taken over their Facebook account, posting as them and probably locking them out of their own account by changing the password.
Cloners, however, take advantage of how easy it is to create a new account with a false name - something that Facebook isn't going to fix because multiple people legitimately share the same name. But they only do it because the default setting for Friends lists on Facebook is 'public' - and since most people don't ever change their privacy defaults, the faux-you can see who your FB Friends are, and contact them pretending to be you, asking your Friends to 'friend' them instead - and eventually asking them for money in your name. Facebook really need to change that default setting to 'only me' aka 'private', but until they do, you should. See how here.
But sometimes (though rarely!) a Facebook account really does get hacked.Here's what happened to a friend of mine recently.
Sharon (not her real name) was busy at work when she got a Facebook message, apparently from a real-life (and Facebook) friend of hers; Sharon didn't think much of it, and replied with her mobile number.
Her friend then messaged that Sharon should expect a text message with a confirmation number for a contest that her friend had entered - when it arrived, could she please forward the confirmation number? Being busy at work, Sharon didn't pay it much attention and forwarded the number on as requested.
Later that day, Sharon realized that she could no longer log into her Facebook account - her password was no longer recognized. Clicking on the Forgot Password link on the Facebook log in page got her emails in Turkish(!).
Facebook hacks - while rarer than clones - are common enough that Facebook has a page for people who think that might be the case: https://www.facebook.com/hacked. Here's what you'll see:
Clicking the second option will ask you to prove that you're you - it may require sending digital photos or scans of ID like drivers licenses to Facebook - while that may seem worrisome, and I certainly wouldn't do it in response to some random email or message that pops up while just browsing the web, if it's a request as part of a tech support process that you initiated - I'd suggest you do it!
Following this procedure, eventually Sharon got her Facebook account back.
While hackers in movies and TV shows sit down at a computer and using advanced knowledge of computer programming language manage to break into social media accounts. That wasn't what happened here.
Instead, having gotten control of Sharon's friend's Facebook account, the hacker sent out messages to a bunch of their Facebook friends. Sharon was fooled into thinking the message was legitimate and replied first with her phone number - the hacker then used that to try to log into Sharon's Facebook account. Because Sharon has Two Factor Authentication enabled for her account (a good thing - enable it now if you haven't already) whenever there's an attempt to log-into her account from a computer or device that hasn't done so before - like the hacker's computer - a code number is required that was sent as a text message to her mobile phone.
But the hacker had convinced her to send that code number, claiming it was a confirmation number for a context.
Computer security professionals refer to this as 'social engineering' - no advanced computer knowledge or programming skills needed... instead, just convincing people to freely give information that should be kept private.
When she discovered she was locked out of her Facebook account, Sharon realized the mistakes she had made - which any of us could have made, especially at a time when we're busy or distracted.
While Sharon's account was under the hacker's control, the hacker messaged her Facebook friends the same way they'd earlier messaged Sharon - before Sharon got her account back under her control, at least two of her Facebook friends had been similarly fooled by the hacker and list control of their Facebook accounts.
They, too, eventually got their accounts back - but I don't know how many of their friends were hacked.
Where would it have gone? Sharon assumes that if she hadn't realized she'd been hacked, the hacker - still pretending to be her Facebook friend, would have claimed to have won the contest and asked for bank account details so as to be able to send Sharon a share in the winnings. Not!
The moral(s):
Older blog postings....
Sometimes, your Facebook account may really be hacked. A true story
By Alan Zisman ©2024-12-14
I see a regular stream of posts in my Facebook newsfeed from people I know warning their Facebook friends that their accounts 'have been hacked' and to ignore any friend requests apparently from them.
As I've written before, their Facebook accounts haven't been 'hacked' - instead, they've been 'cloned'. I'm not just nit-picking - in this case, words matter. If their account had been hacked, someone would have taken over their Facebook account, posting as them and probably locking them out of their own account by changing the password.
Cloners, however, take advantage of how easy it is to create a new account with a false name - something that Facebook isn't going to fix because multiple people legitimately share the same name. But they only do it because the default setting for Friends lists on Facebook is 'public' - and since most people don't ever change their privacy defaults, the faux-you can see who your FB Friends are, and contact them pretending to be you, asking your Friends to 'friend' them instead - and eventually asking them for money in your name. Facebook really need to change that default setting to 'only me' aka 'private', but until they do, you should. See how here.
But sometimes (though rarely!) a Facebook account really does get hacked.Here's what happened to a friend of mine recently.
Sharon (not her real name) was busy at work when she got a Facebook message, apparently from a real-life (and Facebook) friend of hers; Sharon didn't think much of it, and replied with her mobile number.
Her friend then messaged that Sharon should expect a text message with a confirmation number for a contest that her friend had entered - when it arrived, could she please forward the confirmation number? Being busy at work, Sharon didn't pay it much attention and forwarded the number on as requested.
Later that day, Sharon realized that she could no longer log into her Facebook account - her password was no longer recognized. Clicking on the Forgot Password link on the Facebook log in page got her emails in Turkish(!).
Facebook hacks - while rarer than clones - are common enough that Facebook has a page for people who think that might be the case: https://www.facebook.com/hacked. Here's what you'll see:
Clicking the second option will ask you to prove that you're you - it may require sending digital photos or scans of ID like drivers licenses to Facebook - while that may seem worrisome, and I certainly wouldn't do it in response to some random email or message that pops up while just browsing the web, if it's a request as part of a tech support process that you initiated - I'd suggest you do it!
Following this procedure, eventually Sharon got her Facebook account back.
While hackers in movies and TV shows sit down at a computer and using advanced knowledge of computer programming language manage to break into social media accounts. That wasn't what happened here.
Instead, having gotten control of Sharon's friend's Facebook account, the hacker sent out messages to a bunch of their Facebook friends. Sharon was fooled into thinking the message was legitimate and replied first with her phone number - the hacker then used that to try to log into Sharon's Facebook account. Because Sharon has Two Factor Authentication enabled for her account (a good thing - enable it now if you haven't already) whenever there's an attempt to log-into her account from a computer or device that hasn't done so before - like the hacker's computer - a code number is required that was sent as a text message to her mobile phone.
But the hacker had convinced her to send that code number, claiming it was a confirmation number for a context.
Computer security professionals refer to this as 'social engineering' - no advanced computer knowledge or programming skills needed... instead, just convincing people to freely give information that should be kept private.
When she discovered she was locked out of her Facebook account, Sharon realized the mistakes she had made - which any of us could have made, especially at a time when we're busy or distracted.
While Sharon's account was under the hacker's control, the hacker messaged her Facebook friends the same way they'd earlier messaged Sharon - before Sharon got her account back under her control, at least two of her Facebook friends had been similarly fooled by the hacker and list control of their Facebook accounts.
They, too, eventually got their accounts back - but I don't know how many of their friends were hacked.
Where would it have gone? Sharon assumes that if she hadn't realized she'd been hacked, the hacker - still pretending to be her Facebook friend, would have claimed to have won the contest and asked for bank account details so as to be able to send Sharon a share in the winnings. Not!
The moral(s):
- while cloning Facebook accounts is much more common, hacking accounts happens too.
- hackers don't need to have deep knowledge of computers or programming - instead, social engineering techniques are used to convince us to freely give them the information they need to lock us out of our own accounts
- it can happen to any of us - especially if we're busy, distracted, tired and don't pay full attention to messages and notifications on our computes and other digital devices
- It's not particularly a Facebook issue - similar things can and do happen on all the other social media
- While it's important to take steps like turning on Two Factor Authentication - but know that this (and other security steps like installing security software) cannot protect you when you're get convinced to give away your information.
Older blog postings....
| About This Blog... I've been writing about computers, software, Internet and the rest of technology since 1992, including a 17 year (1995-2012) stint as 'High Tech Office' columnist for Business in Vancouver. This blog includes thoughts on technology, society, and anything else that might interest me. Comments, emailed to alan@zisman.ca are welcome - and may be published in whole or part. You can follow me on Twitter or Google + for notice of new blog postings. |
 |