March 28th, 2012

What to do when your Facebook account keeps posting spam links

One of the more obvious signs that something is wrong with your Facebook account is when it starts to automatically post spammy links which can be seen by all of your friends.

These links can lead your friends to a whole host of different scams so it is important to find out what happened, how your account got compromised and more importantly to remove all traces of the spam links.

A spam link posted by a rogue Facebook app.

Anyone who uses Facebook will most likely have encountered these spam messages and links at some point. They could be anything from advertising gift vouchers, dieting supplements, celebrity trash videos, free promotional products, bonus Facebook features or a wide variety of other bait designed to lure friends into clicking.

And after clicking, Facebook users can find themselves presented with any number of Internet scams, from the annoying, such as clickjacking attacks, spammy rewards offers or survey scams, to the dangerous such as identity fraud or malware attacks.

Contrary to popular notions and rumours that lay the blame for these unwanted messages squarely on hackers and viruses, this is hardly ever the case. Hundreds of well-meaning but ultimately inaccurate messages circulate every day, vaguely explaining the latest outbreak of spam links but these messages are often completely mixed up and only end up confusing matters further.

It is important for everyone to understand that if your account has started posting automatic messages, you have – somewhere along the line – fallen for a trap. Despite what inaccurate warnings or even Hollywood movies may have implied, it is extremely improbable that hackers can magically “hack” your account without any action or mistake on your part.
If an account has been compromised, it’s the account owner that has made a mistake – they may just not have realised what that mistake was. Nearly all scams on Facebook these days rely on social engineering methods – that is to say they trick a Facebook user into compromising their own account. An account posting messages automatically is a perfect example of this. It means a Facebook user has fallen for a trap.

So what are the possible reasons why your account has started posting messages by itself? Here we list the 5 most popular ways to make an account post messages automatically, how to avoid falling for it and what to do if you already have fallen for it. At the end of the article we also outline how to remove spam posts which you’ll always need to do if your account has made these spam posts.

5. Rogue Facebook Apps - One of the first things to look out for is if an application is posting the messages. Contrary to popular belief, Facebook apps are not viruses or any other type of malware. Malware is malicious software that has been installed onto a computer, and thus has access to the computer. A Facebook application is a piece of software that has been installed onto a Facebook account, and thus only has access to certain features of that account, based on the permissions the account owner gave the application when it was installed.
Determining if an application posted a message is easy, because underneath the posted message or link will appear the application name. For example, take the image below.

In the image, notice how the name of the application appears at the bottom of the message next to the word Via. This means the owner of the account who posted this message installed a Facebook application called ePrivacy, and it was that application that was responsible for the posted message.

How to avoid it… – be careful what applications you install. Never install Facebook applications if you do not trust the source.

If you’ve already fallen for it … – In this case, the owner of the account has to remove the application as it will be able to continue to post messages from the account for as long as it is installed. To learn how to remove Facebook applications, read our instructions here. The account owner also needs to remove the offending posts as we describe at the end of this article.

4. Phishing Attacks - Phishing attacks involve a user unwittingly giving their Facebook login information to scammers. This is most commonly accomplished by setting up spoof websites designed to look like the Facebook website. These spoof websites will request a user’s password and username. Once these are entered a scammer has access to the Facebook account and can then access the account and post messages. A scammer could either manually access the compromised account or use software to automatically post from compromised accounts. For more information on phishing, click here.

How to avoid it… – never enter your Facebook password – ever – unless you are on the actual Facebook login page, or within Facebook’s own security centre – in both cases the URL address will begin with www.facebook.com. Be wary of clicking links which bring up websites asking for your Facebook password.

If you’ve already fallen for it… – you need to change your Facebook password, and remove the offending posts as explained at the end of the article.
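The address check described above can be made exact by comparing the parsed hostname rather than the start of the text. This is an added example, not code from the original article; the sample URLs are constructed and use reserved `.example` domains, and the function names are hypothetical.

```javascript
// Added example: exact-host check for a Facebook login link.
// EXPECTED_HOST is the host named in the article; all sample URLs are constructed.
const EXPECTED_HOST = "www.facebook.com";

// Weak check: a literal reading of "the address begins with www.facebook.com".
function naivePrefixCheck(raw) {
  return raw.replace(/^https?:\/\//i, "").startsWith(EXPECTED_HOST);
}

// Strict check: parse the URL and compare the real hostname exactly.
function checkLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  if (url.username || url.password) {
    // Text before "@" is login data, not the site being visited.
    return { ok: false, reason: "userinfo before @ hides the real host" };
  }
  if (url.hostname !== EXPECTED_HOST) {
    return { ok: false, reason: `real host is ${url.hostname}` };
  }
  return { ok: true, reason: "host matches exactly" };
}

// Constructed samples: one genuine address and three look-alikes.
const SAMPLES = [
  "https://www.facebook.com/login.php",
  "https://www.facebook.com.login-check.example/login.php",
  "https://www.facebook.com@login-check.example/login.php",
  "http://www.facebook.com/login.php",
];

// Run both checks over every sample so the disagreement is visible.
function auditSamples() {
  return SAMPLES.map((raw) => ({
    raw,
    naive: naivePrefixCheck(raw),
    strict: checkLoginUrl(raw),
  }));
}

for (const r of auditSamples()) {
  console.log(r.raw, "| naive:", r.naive, "| strict:", r.strict.ok, "-", r.strict.reason);
}
```

The prefix test accepts all four samples, while the strict check accepts only the first.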

3. Share/Like Widgets - Facebook have produced a wide range of tools that allow Facebook users to share external websites on their Facebook account. Most will be familiar with the Facebook Share or Like buttons that many webmasters will display on their webpages. Clicking these buttons will result in the webpage being shared onto the Facebook user’s profile/timeline, providing they were logged into Facebook. If an account posts an unexpected message or link, it may simply be the result of the Facebook user clicking the Share button.
However there are other ways of fooling a user into sharing or liking a website. Clickjacking – otherwise known as likejacking – is the most popular method, where the Share or Like button is essentially hidden from view, and the Internet surfer is tricked into clicking the area of the webpage where the button is located, thus unwittingly clicking the button and sharing the site. You can read more about clickjacking here.
Another method of tricking users into inadvertently sharing a website is by disguising the Share button by displaying it in another language, so the user is not aware that clicking the button results in sharing the webpage on their Facebook account.
These methods will result in one message posted each time the user clicks the like or share button, so if an account continues to post the messages without user interaction then it is not down to this method.

How to avoid it… – be careful what websites you visit and where you click. Don’t share a website in order to receive something.

If you’ve already fallen for it … – then stop clicking these Share buttons and remove the offending posts using the instructions at the end of the article.

2. Browser Extensions – Browser extensions are small programs that work with your Internet browser to give the Internet browser extra functionality. Such extensions have recently become popular with social networking users owing to the range of extensions available to instruct the Internet browser to hide the Facebook timeline. However, extensions can also be malicious and have been known to force Facebook accounts to post messages automatically. This means if your account is posting messages automatically you may have installed a browser extension.
The good news is that a user first has to confirm the installation of any browser extension – they can’t install themselves without explicit consent from a user. Depending on the browser you use (IE, Firefox for example) the confirmation and installation process can vary, but usually consists of a handful of pop-ups confirming you wish to install an extension (see image below for Firefox prompts).


Firefox first states that a page is trying to install software onto a computer then confirms the installation

How to avoid it… – simply never install or download any software if you do not trust the source. If you click a link and your browser shows a window asking to confirm the installation of software, always cancel the download unless you fully trust the source. Browser extensions cannot install themselves without a user’s permission. Also be aware that browser extensions popularly bait users by tricking them into thinking they are plugins, codecs or updates for videos.

If you’ve already fallen for it… – You need to uninstall the extension. We have instructions here.

1. Koobface and other malware – If a Facebook account is posting messages automatically, it is possible that the Facebook user has been tricked into installing malware, possibly a Koobface infection. These types of malware search the computer for activity with Facebook accounts. Once the malware finds this activity it is able to log in using that Facebook account and post messages from it. If this is the case, at some point in the past the Facebook user has been tricked into installing malware onto their computer. A popular method of installing this kind of malware is when a malicious website tricks a user into installing malware by disguising it as a “video plugin” or “adobe update” for example.

How to avoid it… – be aware of what updates and plugins you install. If an untrusted website requests you install something – don’t! It could potentially be anything! Only install updates etc. from trusted sources, such as from the official Adobe website.

If you’ve already fallen for it … – you need to run an antivirus scan with reliable up-to-date antivirus software. You can see our recommendations for good antivirus here. You also need to remove offending posts as we explain below.

Stay Safe and Don’t Get Fooled…

Having reliable security software installed on your computer can block many of these threats before they occur, especially threats that involve the installation of malicious software, so if you think you could fall for one of these scams remember to get protected!

How to remove offending messages and links

No matter how a Facebook account ends up posting these unwanted messages and links, they need to be removed so as to stop the friends of the Facebook account from seeing them. To remove a post on your timeline, identify the post you want to delete and hover the mouse over it. Click the pencil icon and click Delete.

So to condense this article, if your account begins to post messages and links automatically, first check if an application is responsible and remove the application accordingly. If an application is not responsible and you cannot remember sharing or posting the link yourself, change your Facebook password and perform an antivirus scan. In all cases, remember to delete the offending post. You should also consider letting your friends know not to click the links you posted.


  • http://www.bewytchmeradio.com DeeJay BeWy

    Keep up the great work Craig and thanks for visiting my site. I am posting your page every time someone posts new scam stuff. Thanks. Have a fantabulous day.

  • http://www.antivirussorted.com Ernie

    Hi Craig

    I run a blog about antivirus software but recently I’ve been receiving a large amount of spam posts in my blog originating from Facebook accounts. The spam messages have no links to external sites. They use their facebook account URL in the “website” field so this practice is not making any sense to me at all.

    It appears to me that these people’s accounts where the spam is originating from don’t fall in the demographic for my blog so I assume that these people are probably not aware that their Facebook accounts are being used to spam my blog (as well as other blogs/sites out there).

    Do you have any explanation as to why someone might be spamming sites this way?

    Thanks

    Ernie

    • thatsnonsense.com

      We’ve had the same thing. Occasionally there are backlinks in the message itself, but sometimes not. Not sure what the motivation is.

  • http://facebook Linda

    Would like to take a minute to just say “thank you” for all your hard work in trying to keep us informed on how these things happen and how to correct the mistakes we have made. Also “a big thank you to all” who share in doing this for all of us users. HoaxHunter sent me here as well as other sites where reliable info that is trustworthy can be found just so ya know… we have come to know and appreciate all as a wonderful “safety team”.

  • Roxy

    What does it mean if I posted a comment on a non-FB site that only had a comment box and a “publish” button (didn’t ask for any other info), and after I clicked “publish,” my FB profile pic appeared next to my comment as though it were a regular FB post? It also linked directly to my FB profile for anyone to see. I couldn’t figure out how this happened, nor was I able to remove the comment. I was not signed into Facebook, and did not have to login before my comment appeared. I actually deactivated my FB account just to get my profile and photo off this other site. The site was a medical site, so I felt ok posting there but didn’t want my photo on their site. The comment did not appear on my FB page so I was unable to remove it that way.

    Anyone know how this happened?

    • thatsnonsense.com

      Many websites use Facebook’s comments plugin so users can make comments using their Facebook profile. If you choose to make a comment your profile pic and name will appear next to the comment made on the website. If you don’t want this to happen do not use the Facebook Comments plugin.

  • http://www.facebook.com/people/Sriram-D-Iyer/769734055 Sriram D Iyer

    Thank you very much Craig, just removed the extension which was posting shit tagging my friends on facebook.

  • Colin Stamp

    Thanks. Very well written and discussed article. D’offs me ‘at to ya!
    Colin

  • Vanessa

    Hi, thanks for your useful article. Our company’s Facebook page is regularly spammed by posts from a company we follow. We’ve contacted this company but they say they can’t see these posts on our wall… Also these posts always have a link to their blog. And it looks like these posts on our wall don’t appear on theirs. Originally they were posted via Hootsuite.

    We tried to contact Facebook… but no answer. Any ideas?

    Thanks for your help

  • meredit

    Thank you so much for your efforts on our behalf!

