Three stories detailing the events that led to our 3 Facebook users handing over control of their accounts to scammers, along with tips on how to avoid each scam.
Rob was surfing Facebook one afternoon, scrolling down his newsfeed. All of a sudden a message popped up on Facebook Chat. It appeared to come from Facebook Security. It told him that his account was in violation of Facebook’s community standards and that someone had made a complaint against him.
The message provided a link for Rob that – according to the message – he would need to visit to prevent his account from getting disabled. Even though Rob couldn’t figure out why this was happening, he was eager to sort it out. So Rob quickly clicked the link and it led to the Facebook login page. Rob entered his Facebook username and password, and was directed back to his Facebook newsfeed, with no indication that the problem was sorted out. Happy that he appeared to be able to continue using his Facebook account, Rob continued with his day.
…BUT…
Rob just got his account hijacked. How?
Rob actually hadn’t been contacted by Facebook Security. Facebook Security doesn’t contact users through Chat. He had been contacted by a compromised friends account. That friend got their own account hijacked and the scammer had changed the name and profile picture of the account to make it look like it belonged to Facebook security.
Sponsored Content. Continued below...
The scammer then sent out messages to all the friends of that account, which included Rob. The messages told Rob that his account was in danger but that wasn’t true either. The link that Rob clicked to “reactivate” his account actually took him to a spoof webpage that looked like the Facebook login page, but it wasn’t. It was a webpage operated by the scammers, and it stole all of the information entered into it, including Rob’s username and password. With that information, scammers can now access Rob’s Facebook account.
Tips for Rob
– Don’t click suspicious links in Chat
– Don’t enter your password and username on a webpage until you are sure it belongs to Facebook (i.e. begins with www.facebook.com)
– Enable Login approvals to prevent strangers from accessing your account if they manage to obtain your password.
Rob fell for a typical Facebook phishing scam.
Sponsored Content. Continued below...
Laura was surfing her own newsfeed when she encountered a link posted by a friend promising a video showing CCTV footage of a celebrity brawl in an elevator between two rival singing starlets.
Laura clicked the link, but instead of seeing the video, the webpage loaded up that said that Laura would need to like and share the webpage on her Facebook timeline before she could watch the video. Laura clicked the provided Like and Share buttons on the webpage and was then forwarded to what appeared to be the YouTube video player.
Laura clicked Play but a message popped up that said Laura’s computer didn’t have the required video plugin to watch the video. The message asked her if she’d like to install the plugin to watch the video. Laura clicked yes and another message popped up asking her if she was sure she wanted to download and install the file. Laura accepted and the file installed. The video still didn’t load up…
…HOWEVER…
Laura just got her account hijacked. How?
The link Laura originally saw on her newsfeed appeared to come from a friend. But the friend had just shared it because they too were trying to watch the video and were forced into sharing it first. After Laura clicked the link and also shared and liked the webpage, the same link of course was posted onto her own timeline for Laura’s friends to see.
Sponsored Content. Continued below...
After Laura was taken to the page that apparently had the video, Laura was prompted to download a file in order to make the video play. But in reality the file download had nothing to do with making a video play. In fact there was no video. The file Laura downloaded was malware. Specifically, if was a malicious browser extension capable of hijacking her Facebook account and causing it to – amongst other things – post spammy links in her name.
Tips for Laura –
– Don’t click on suspicious or trashy links on Facebook, even if they come from a friend.
– Don’t allow files to download or install from the Internet unless you explicitly trust the website you’re on
Laura fell for a malware attack that used Facebook to spread..
Sponsored Content. Continued below...
Paul noticed a link on his newsfeed that promised to tell him is exact IQ in only 15 questions. Paul clicked the link and straight away was asked to allow the App IQTest permission to access his Facebook profile. He accepted and was then forwarded to a page with lots of adverts and questions on it. Paul began answering the questions and after finishing question 15, the page said he needed to download his answers that would tell him his IQ.
Paul accepted the download, but nothing ever appeared that told him what IQ he had…
…HOWEVER…
Paul just got his account hijacked. How?
When Paul clicked the link on his newsfeed, he was asked to install a Facebook app. However Facebook apps are not created by Facebook and can be dangerous, since they can take users away from the confines of Facebook. When he installed the app, it forwarded Paul to an external webpage full of advertisements. When Paul completed the questions in the “IQ test” he was prompted to download his “answer file” but instead this was malware.
In this case the malware was a common type of malware called a keysniffer, or keylogger. A Keysniffer records all keystrokes on a device, including usernames and passwords. It records, logs and then transmits that information to the scammer, giving the scammer access to any accounts that were logged into with the password. This will eventually result in Paul giving up his password for his Facebook account and more.
Tips for Paul
– Don’t click on suspicious links on Facebook
– Don’t install Facebook apps you don’t trust
– Only download or install files from websites you explicitly trust
Paul fell for a malware attack that used a rogue Facebook app to spread.